Export limit exceeded: 45576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33862 | 1 Eaton | 1 Intelligent Power Protector | 2026-04-15 | 6.7 Medium |
| IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | ||||
| CVE-2022-35202 | 1 Sitevision | 1 Sitevision | 2026-04-15 | 5.1 Medium |
| A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password. | ||||
| CVE-2025-62065 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5. | ||||
| CVE-2022-38691 | 1 Unisoc | 4 Sc9863a, T310, T610 and 1 more | 2026-04-15 | 7.8 High |
| In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-39997 | 1 Teldat | 2 Rs123 Firmware, Rs123w Firmware | 2026-04-15 | 8 High |
| A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges | ||||
| CVE-2022-4001 | 1 Motorola | 1 Q14 Mesh Router Firmware | 2026-04-15 | 7.3 High |
| An authentication bypass vulnerability could allow an attacker to access API functions without authentication. | ||||
| CVE-2022-40975 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | ||||
| CVE-2024-32731 | 2026-04-15 | 5.5 Medium | ||
| SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application. | ||||
| CVE-2022-41324 | 2026-04-15 | 6.5 Medium | ||
| Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. | ||||
| CVE-2022-42974 | 1 Kostal Piko | 1 Mp Plus Hmi Oem | 2026-04-15 | 4.8 Medium |
| In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML. | ||||
| CVE-2022-43110 | 1 Voltronicpower | 1 Viewpower | 2026-04-15 | 9.8 Critical |
| Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down. | ||||
| CVE-2022-44633 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | ||||
| CVE-2022-45850 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9. | ||||
| CVE-2022-45852 | 2026-04-15 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | ||||
| CVE-2024-11093 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.5 Medium |
| The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2022-46845 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3. | ||||
| CVE-2022-47036 | 1 Siklu | 1 Tg Terragraph | 2026-04-15 | 9.8 Critical |
| Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. | ||||
| CVE-2025-67979 | 2 Westerndeal, Wordpress | 2 Wpforms Google Sheet Connector, Wordpress | 2026-04-15 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1. | ||||
| CVE-2025-67982 | 2 Thembay, Wordpress | 2 Urna, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. | ||||
| CVE-2022-48682 | 2026-04-15 | 6 Medium | ||
| In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. | ||||