Export limit exceeded: 345280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345280 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36636 | 1 Tenable | 1 Security Center | 2026-04-15 | 4.3 Medium |
| In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | ||||
| CVE-2025-60148 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | ||||
| CVE-2025-31796 | 2026-04-15 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Server Side Request Forgery.This issue affects ElementsCSS Addons for Elementor: from n/a through <= 1.0.8.9. | ||||
| CVE-2025-60149 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps Notely notely allows Stored XSS.This issue affects Notely: from n/a through <= 1.8.0. | ||||
| CVE-2025-31802 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86. | ||||
| CVE-2025-60150 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows PHP Local File Inclusion.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | ||||
| CVE-2025-31807 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CloudRedux Product Notices for WooCommerce product-notices-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Notices for WooCommerce: from n/a through <= 1.3.4. | ||||
| CVE-2017-20198 | 2026-04-15 | N/A | ||
| The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement. | ||||
| CVE-2025-31809 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Labinator Labinator Content Types Duplicator labinator-content-types-duplicator allows Cross Site Request Forgery.This issue affects Labinator Content Types Duplicator: from n/a through <= 1.1.3. | ||||
| CVE-2025-32057 | 1 Bosch | 1 Infotainment System Ecu | 2026-04-15 | 6.5 Medium |
| The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020. | ||||
| CVE-2025-9902 | 2026-04-15 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025. | ||||
| CVE-2025-31811 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This issue affects Planyo online reservation system: from n/a through <= 3.1. | ||||
| CVE-2025-31812 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas BuddyPress Members Only buddypress-members-only allows Stored XSS.This issue affects BuddyPress Members Only: from n/a through <= 3.5.3. | ||||
| CVE-2025-13704 | 2 Amirshk, Wordpress | 2 Autogen Headers Menu, Wordpress | 2026-04-15 | 6.4 Medium |
| The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogen_menu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31813 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Website366.com WPSHARE247 Elementor Addons wpshare247-elementor-addons allows Stored XSS.This issue affects WPSHARE247 Elementor Addons: from n/a through <= 2.5. | ||||
| CVE-2025-31816 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in pietro Mobile App Canvas mobile-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile App Canvas: from n/a through <= 3.8.2. | ||||
| CVE-2025-31817 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWheels BlockWheels blockwheels allows DOM-Based XSS.This issue affects BlockWheels: from n/a through <= 1.0.2. | ||||
| CVE-2025-31818 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentBot.ai ContentBot AI Writer content-bot allows Stored XSS.This issue affects ContentBot AI Writer: from n/a through <= 1.2.4. | ||||
| CVE-2025-31819 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks.This issue affects Nova Blocks: from n/a through <= 2.1.8. | ||||
| CVE-2025-31820 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.4. | ||||