Export limit exceeded: 347013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54709 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | ||||
| CVE-2025-53452 | 2 Barry, Wordpress | 2 Event Rocket, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3. | ||||
| CVE-2025-53344 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3. | ||||
| CVE-2025-53320 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4. | ||||
| CVE-2026-35064 | 1 Senselive | 3 X3050, X3500, X3500 Firmware | 2026-04-28 | 7.5 High |
| A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices. | ||||
| CVE-2025-52826 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-52813 | 2026-04-28 | 8.1 High | ||
| Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5. | ||||
| CVE-2025-52810 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.1 High |
| Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-52796 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14. | ||||
| CVE-2025-52772 | 2026-04-28 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4. | ||||
| CVE-2025-52739 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-52721 | 2 Lcweb, Wordpress | 2 Global Gallery, Wordpress | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3. | ||||
| CVE-2026-35503 | 1 Senselive | 3 X3050, X3500, X3500 Firmware | 2026-04-28 | 9.8 Critical |
| A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality. | ||||
| CVE-2025-50011 | 2026-04-28 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4. | ||||
| CVE-2025-49991 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14. | ||||
| CVE-2025-49898 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14. | ||||
| CVE-2025-49897 | 2 Gopiplus, Wordpress | 2 Vertical Scroll Slideshow Gallery V2, Wordpress | 2026-04-28 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1. | ||||
| CVE-2025-49896 | 2026-04-28 | 5.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus – Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus – Supports Unlimited Channels: from n/a through 1.0.2. | ||||
| CVE-2025-49895 | 2 Ithemes, Wordpress | 2 Serverbuddy, Wordpress | 2026-04-28 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | ||||