Export limit exceeded: 344332 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344332 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50655 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||||
| CVE-2025-50657 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | ||||
| CVE-2025-50659 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | ||||
| CVE-2025-50660 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||||
| CVE-2025-50661 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log. | ||||
| CVE-2025-50662 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint. | ||||
| CVE-2025-50663 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | ||||
| CVE-2025-50664 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr. | ||||
| CVE-2025-50665 | 2 D-link, Dlink | 3 Di-8003, Di-8003, Di-8003 Firmware | 2026-04-13 | 7.5 High |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters. | ||||
| CVE-2026-39485 | 2 Embedplus, Wordpress | 2 Youtube Embed Plus, Wordpress | 2026-04-13 | 4.3 Medium |
| Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4. | ||||
| CVE-2026-39487 | 2 Ameliabooking, Wordpress | 2 Amelia, Wordpress | 2026-04-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1. | ||||
| CVE-2026-39495 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-04-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27. | ||||
| CVE-2026-39497 | 2 Realmag777, Wordpress | 2 Fox, Wordpress | 2026-04-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through <= 1.4.5. | ||||
| CVE-2026-39501 | 2 Realmag777, Wordpress | 2 Fox, Wordpress | 2026-04-13 | 5.3 Medium |
| Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5. | ||||
| CVE-2026-39505 | 2 Craig Hewitt, Wordpress | 2 Seriously Simple Podcasting, Wordpress | 2026-04-13 | 5.3 Medium |
| Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.2. | ||||
| CVE-2026-39508 | 2 Josh Kohlbach, Wordpress | 2 Advanced Coupons For Woocommerce Coupons, Wordpress | 2026-04-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.1. | ||||
| CVE-2026-39517 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-04-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6. | ||||
| CVE-2026-39528 | 2 Wordpress, Wpdelicious | 2 Wordpress, Wp Delicious | 2026-04-13 | 5.3 Medium |
| Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5. | ||||
| CVE-2026-39541 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38. | ||||
| CVE-2026-39543 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-04-13 | 5.3 Medium |
| Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | ||||