Export limit exceeded: 345450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345450 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1083 | 1 Welotec | 5 Tk515l, Tk525l, Tk525u and 2 more | 2026-04-15 | 9.8 Critical |
| An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | ||||
| CVE-2023-1000 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-12257 | 2026-04-15 | 6.1 Medium | ||
| The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2022-50979 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | ||||
| CVE-2025-66143 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10. | ||||
| CVE-2024-10846 | 2026-04-15 | 5.9 Medium | ||
| The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included | ||||
| CVE-2022-50978 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | ||||
| CVE-2024-12508 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10837 | 2026-04-15 | 6.1 Medium | ||
| The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2022-50977 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | ||||
| CVE-2024-10832 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the account_number and secret_key parameters in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2022-50975 | 2 Avibia, Innomic | 20 Avibialine Avlx1 Hd, Avibialine Avlx2 Hd, Avibialine Avlx4 Hd and 17 more | 2026-04-15 | 8.8 High |
| An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled. | ||||
| CVE-2024-52616 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 5.3 Medium |
| A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. | ||||
| CVE-2024-12202 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-12172 | 2026-04-15 | 7.5 High | ||
| The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0. | ||||
| CVE-2024-10963 | 1 Redhat | 4 Enterprise Linux, Openshift, Openshift Ai and 1 more | 2026-04-15 | 7.4 High |
| A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. | ||||
| CVE-2025-66141 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | ||||
| CVE-2024-10821 | 2026-04-15 | N/A | ||
| A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is `/api/v1/images/upload`. | ||||
| CVE-2022-50951 | 1 Smarterdroid | 1 Wifi File Transfer | 2026-04-15 | 6.4 Medium |
| WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions. | ||||
| CVE-2025-66129 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0. | ||||