Export limit exceeded: 349502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26731 | 1 Totolink | 3 A3002ru, A3002ru-v2, A3002ru Firmware | 2026-04-16 | 8 High |
| TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function. | ||||
| CVE-2026-26732 | 1 Totolink | 3 A3002ru, A3002ru-v2, A3002ru Firmware | 2026-04-16 | 8.8 High |
| TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function. | ||||
| CVE-2026-24734 | 2 Apache, Apache Tomcat | 3 Tomcat, Tomcat Native, Apache Tomcat | 2026-04-16 | 7.4 High |
| Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue. | ||||
| CVE-2026-22333 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Compare | 2026-04-16 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0. | ||||
| CVE-2026-23547 | 2 Cmsmasters, Wordpress | 2 Cmsmasters Content Composer, Wordpress | 2026-04-16 | 7.1 High |
| Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8. | ||||
| CVE-2026-23805 | 2 Wordpress, Yoren Chang | 2 Wordpress, Media Search Enhanced | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1. | ||||
| CVE-2026-25316 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-16 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||||
| CVE-2026-25378 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4. | ||||
| CVE-2026-27052 | 2 Villatheme, Wordpress | 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through < 1.1.9. | ||||
| CVE-2026-26336 | 1 Hyland | 3 Alfresco Community, Alfresco Content Services, Alfresco Enterprise | 2026-04-16 | 7.5 High |
| Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files. | ||||
| CVE-2026-27343 | 2 Vankarwai, Wordpress | 2 Airtifact, Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91. | ||||
| CVE-2026-22344 | 2 Mikado-themes, Wordpress | 2 Fivestar, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7. | ||||
| CVE-2026-22346 | 2 A Wp Life, Wordpress | 2 Slider Responsive Slideshow – Image Slider, Gallery Slideshow, Wordpress | 2026-04-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through <= 1.5.4. | ||||
| CVE-2026-22352 | 2 Persianscript, Wordpress | 2 Persian Woocommerce Sms, Wordpress | 2026-04-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.1.1. | ||||
| CVE-2026-22367 | 2 Ancorathemes, Wordpress | 2 Coworking, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through <= 1.6.1. | ||||
| CVE-2026-22369 | 2 Ancorathemes, Wordpress | 2 Ironfit, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through <= 1.5. | ||||
| CVE-2026-22370 | 2 Axiomthemes, Wordpress | 2 Marveland, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0. | ||||
| CVE-2026-22372 | 2 Ancorathemes, Wordpress | 2 Isida, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2. | ||||
| CVE-2026-22373 | 2 Ancorathemes, Wordpress | 2 Fooddy, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10. | ||||
| CVE-2026-22375 | 2 Ancorathemes, Wordpress | 2 Impacto Patronus, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3. | ||||