Export limit exceeded: 345229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0280 | 1 Hcltech | 1 Compass | 2026-04-15 | 7.5 High |
| A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | ||||
| CVE-2025-0306 | 1 Redhat | 2 Enterprise Linux, Storage | 2026-04-15 | 7.4 High |
| A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | ||||
| CVE-2024-8232 | 1 Spidercontrol | 1 Scada Webserver | 2026-04-15 | 7.5 High |
| SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | ||||
| CVE-2025-13072 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-1161 | 1 Nomysost | 1 Nomysem | 2026-04-15 | 7.1 High |
| Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025. | ||||
| CVE-2025-11691 | 2 Themeisle, Wordpress | 2 Product Addons & Fields For Woocommerce, Wordpress | 2026-04-15 | 7.5 High |
| The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled. | ||||
| CVE-2025-11488 | 1 D-link | 1 Dir-852 | 2026-04-15 | 7.3 High |
| A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-3105 | 2026-04-15 | 8.8 High | ||
| The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. | ||||
| CVE-2025-13003 | 1 Aksis Technology | 1 Axonboard | 2026-04-15 | 7.6 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0. | ||||
| CVE-2024-57067 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57068 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57069 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57071 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57074 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57075 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57078 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57079 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57080 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-39597 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2026-04-15 | 7.2 High |
| In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites. | ||||
| CVE-2024-52806 | 1 Simplesamlphp | 1 Saml2 | 2026-04-15 | 8.3 High |
| SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. | ||||