Export limit exceeded: 347681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6229 | 2 Wordpress, Wproyal | 2 Wordpress, Royal Addons For Elementor – Addons And Templates Kit For Elementor | 2026-05-02 | 7.2 High |
| The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' in a query parameter, and the subsequent use of these URLs in fopen() calls without blocking internal or private network addresses. This makes it possible for authenticated attackers, with Contributor-level access and above, to make requests to arbitrary URLs and retrieve sensitive information from internal services. | ||||
| CVE-2026-4024 | 2 Wordpress, Wproyal | 2 Wordpress, Royal Addons For Elementor – Addons And Templates Kit For Elementor | 2026-05-02 | 5.3 Medium |
| The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both `wp_ajax` and `wp_ajax_nopriv` hooks, making it accessible to unauthenticated users. Although a nonce is verified, the nonce (`wpr-addons-js`) is publicly exposed in frontend JavaScript via `WprConfig.nonce` on any page that loads Royal Addons widgets, rendering the protection ineffective. The endpoint also lacks any capability or ownership checks and directly calls `update_post_meta()` with user-controlled input on a whitelisted set of form action meta keys. This makes it possible for unauthenticated attackers to modify form action configuration metadata (email, submissions, Mailchimp, and webhook settings) on any post, potentially leading to webhook/email action tampering and data exfiltration via modified webhook URLs. | ||||
| CVE-2026-7606 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2026-05-02 | 3.7 Low |
| A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-7610 | 1 Trendnet | 1 Tew-821dap Firmware | 2026-05-02 | 3.7 Low |
| A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-7491 | 2026-05-02 | 8.1 High | ||
| School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | ||||
| CVE-2026-7490 | 2026-05-02 | 7.2 High | ||
| CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-7489 | 2026-05-02 | 8.8 High | ||
| CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-7609 | 1 Trendnet | 1 Tew-821dap Firmware | 2026-05-02 | 6.3 Medium |
| A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-7608 | 1 Trendnet | 1 Tew-821dap Firmware | 2026-05-02 | 5.5 Medium |
| A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-20079 | 1 Cisco | 1 Secure Firewall Management Center | 2026-05-02 | 10 Critical |
| A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device. | ||||
| CVE-2026-7049 | 2 Pixelyoursite, Wordpress | 2 Pixelyoursite Pro – Your Smart Pixel (tag) Manager, Wordpress | 2026-05-02 | 7.2 High |
| The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The SSRF is blind because fetched response bodies are only parsed internally for YouTube/Vimeo patterns and are never returned to the attacker. | ||||
| CVE-2026-7607 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2026-05-02 | 8.8 High |
| A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-5324 | 2026-05-02 | 7.2 High | ||
| The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when no file is uploaded, and the reversal of security encoding via html_entity_decode() followed by unescaped output in the admin view. The submit_form() function skips nonce verification for non-logged-in users (api.php:198). The handleFileTypeFields() function fails to overwrite user-supplied values when no file is attached. While htmlentities() is applied during storage, html_entity_decode() reverses this on display (form-entries.php:79). The form-data.php template outputs FileUpload values directly in href attributes without esc_url(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page. | ||||
| CVE-2026-42167 | 1 Proftpd | 1 Proftpd | 2026-05-02 | 8.1 High |
| mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM). | ||||
| CVE-2026-6706 | 1 Devolutions | 1 Server | 2026-05-02 | 6.5 Medium |
| Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0. | ||||
| CVE-2025-50328 | 1 B1 | 1 Free Archiver | 2026-05-02 | 7.3 High |
| A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions. | ||||
| CVE-2026-40685 | 1 Exim | 1 Exim | 2026-05-02 | 6.5 Medium |
| In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping. | ||||
| CVE-2026-33449 | 1 Absolute | 1 Secure Access | 2026-05-02 | N/A |
| CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | ||||
| CVE-2026-33452 | 1 Absolute | 1 Secure Access | 2026-05-02 | N/A |
| CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | ||||
| CVE-2026-28909 | 1 Apple | 1 Macos | 2026-05-02 | 6.5 Medium |
| Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3. | ||||