Export limit exceeded: 364448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 14756 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49682 1 Simple-membership-plugin 1 Simple Membership 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.
CVE-2024-47648 1 Theeventprime 1 Eventprime 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5.
CVE-2024-47646 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in tomlister Payflex Payment Gateway payflex-payment-gateway.This issue affects Payflex Payment Gateway: from n/a through <= 2.6.1.
CVE-2024-47354 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection.This issue affects Simple Membership After Login Redirection: from n/a through <= 1.6.
CVE-2024-47353 1 Quomodosoft 1 Elementsready 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.
CVE-2024-47316 1 Salonbookingsystem 1 Salon Booking System 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9.
CVE-2024-43266 1 Wpjobportal 1 Wp Job Portal 2026-04-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.
CVE-2024-43239 1 Masteriyo 1 Masteriyo 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
CVE-2026-30459 2 Daylightstudio, Thedaylightstudio 2 Fuel Cms, Fuel Cms 2026-04-23 7.1 High
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
CVE-2026-33149 2 Tandoor, Tandoorrecipes 2 Recipes, Recipes 2026-04-23 8.1 High
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available.
CVE-2026-22735 2 Spring, Vmware 2 Spring Foundation, Spring Framework 2026-04-23 2.6 Low
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
CVE-2026-34454 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2026-04-23 3.5 Low
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be shown the sign-in page while the existing session cookie remains valid, meaning the browser session is not actually logged out. On shared workstations or devices, a subsequent user could continue to use the previous user's authenticated session. Deployments that use a dedicated logout/sign-out endpoint to terminate sessions are not affected. This issue is fixed in 7.15.2
CVE-2026-0971 1 Fortra 2 Goanywhere Managed File Transfer, Goanywhere Mft 2026-04-23 4.3 Medium
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.
CVE-2024-58087 1 Linux 1 Linux Kernel 2026-04-23 8.1 High
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.
CVE-2026-40896 2 Openproject, Opf 2 Openproject, Openproject 2026-04-23 6.5 Medium
OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target project, meeting, or victim is required; the attacker can blindly spray items into every meeting on the instance by iterating sequential section IDs. Version 17.3.0 patches the issue.
CVE-2009-0231 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2026-04-23 8.8 High
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
CVE-2009-3547 8 Canonical, Fedoraproject, Linux and 5 more 17 Ubuntu Linux, Fedora, Linux Kernel and 14 more 2026-04-23 7.0 High
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3290 2 Linux, Redhat 2 Linux Kernel, Rhel Virtualization 2026-04-23 N/A
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
CVE-2009-0935 1 Linux 1 Linux Kernel 2026-04-23 5.5 Medium
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
CVE-2007-3749 1 Apple 1 Mac Os X 2026-04-23 7.8 High
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.