Export limit exceeded: 352261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4839 | 1 Sourcecodester | 1 Food Ordering System | 2026-04-24 | 7.3 High |
| A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-25381 | 2 Jwsthemes, Wordpress | 2 Lovedate, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes LoveDate lovedate allows PHP Local File Inclusion.This issue affects LoveDate: from n/a through < 3.8.6. | ||||
| CVE-2026-32504 | 2 Creativews, Wordpress | 2 Vintwood, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. | ||||
| CVE-2026-32513 | 2 Miguel Useche, Wordpress | 2 Js Archive List, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7. | ||||
| CVE-2026-32522 | 2 Vanquish, Wordpress | 2 Woocommerce Support Ticket System, Wordpress | 2026-04-24 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5. | ||||
| CVE-2026-32573 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-04-24 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7. | ||||
| CVE-2026-4835 | 1 Code-projects | 1 Accounting System | 2026-04-24 | 3.5 Low |
| A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4840 | 1 Netcore | 1 Power 15ax | 2026-04-24 | 8.8 High |
| A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-27087 | 2 G5theme, Wordpress | 2 Wolverine Framework, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9. | ||||
| CVE-2026-27077 | 2 Mikado-themes, Wordpress | 2 Multioffice, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2. | ||||
| CVE-2026-25460 | 2 Liquidthemes, Wordpress | 2 Ave Core, Wordpress | 2026-04-24 | 6.3 Medium |
| Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1. | ||||
| CVE-2026-25457 | 2 Select-themes, Wordpress | 2 Mixtape, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1. | ||||
| CVE-2026-25414 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-04-24 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-25401 | 2 Arni Cinco, Wordpress | 2 Wpcargo Track & Trace, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2026-25376 | 2 Eyecix, Wordpress | 2 Addon Jobsearch Chat, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. | ||||
| CVE-2026-25373 | 2 Progressionstudios, Wordpress | 2 Vayvo, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through < 6.8. | ||||
| CVE-2026-4484 | 2 Masteriyo, Wordpress | 2 Masteriyo Lms – Online Course Builder For Elearning, Lms & Education, Wordpress | 2026-04-24 | 8.8 High |
| The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator. | ||||
| CVE-2026-4838 | 1 Sourcecodester | 1 Malawi Online Market | 2026-04-24 | 7.3 High |
| A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-4953 | 1 Mingsoft | 1 Mcms | 2026-04-24 | 7.3 High |
| A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4909 | 1 Code-projects | 1 Exam Form Submission | 2026-04-24 | 2.4 Low |
| A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||