Export limit exceeded: 346069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67432 | 1 Monkeybread Software | 1 Mbs Dyna Pdf Plugin | 2026-04-15 | 7.5 High |
| A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-39360 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag grace-mag allows PHP Local File Inclusion.This issue affects Grace Mag: from n/a through <= 1.1.5. | ||||
| CVE-2025-47601 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0. | ||||
| CVE-2025-27845 | 1 Espec | 1 North America Web Controller | 2026-04-15 | 9.8 Critical |
| In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. | ||||
| CVE-2024-11331 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-9591 | 2026-04-15 | 2.4 Low | ||
| A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10863 | 2026-04-15 | N/A | ||
| : Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side. | ||||
| CVE-2025-39397 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup anything-popup allows Reflected XSS.This issue affects Anything Popup: from n/a through <= 7.3. | ||||
| CVE-2025-39399 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows PHP Local File Inclusion.This issue affects License For Envato: from n/a through <= 1.0.0. | ||||
| CVE-2025-31717 | 1 Unisoc | 8 S8000, T750, T760 and 5 more | 2026-04-15 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-31992 | 1 Hcltech | 1 Maxai Assistant | 2026-04-15 | 4.6 Medium |
| HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session. | ||||
| CVE-2025-39408 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection bruteguard allows Reflected XSS.This issue affects BruteGuard – Brute Force Login Protection: from n/a through <= 0.1.4. | ||||
| CVE-2025-30059 | 1 Cgm | 1 Cgm Clininet | 2026-04-15 | N/A |
| In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. | ||||
| CVE-2025-39415 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS.This issue affects Social Media Links: from n/a through <= 1.0.3. | ||||
| CVE-2024-47922 | 2026-04-15 | 7.5 High | ||
| Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-39422 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through <= 3.6. | ||||
| CVE-2023-6523 | 1 Extremepacs | 1 Extreme Xds | 2026-04-15 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse.This issue affects Extreme XDS: before 3914. | ||||
| CVE-2025-39423 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0. | ||||
| CVE-2025-48343 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication wpmuldap allows Stored XSS.This issue affects WPMU Ldap Authentication: from n/a through <= 5.0.1. | ||||
| CVE-2025-39425 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through <= 2.2.7. | ||||