Export limit exceeded: 346348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66428 | 1 Plesk | 1 Obsidian | 2026-04-15 | 8.8 High |
| An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | ||||
| CVE-2023-42433 | 1 Intel | 1 Endurance Gaming Mode Software Installers | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-11326 | 2026-04-15 | 6.1 Medium | ||
| The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-66431 | 1 Plesk | 1 Plesk | 2026-04-15 | 7.8 High |
| WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management." | ||||
| CVE-2021-4455 | 2026-04-15 | 9.8 Critical | ||
| The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2023-42667 | 1 Intel | 1 Core Ultra Processor | 2026-04-15 | 7.8 High |
| Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-11329 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-42668 | 1 Intel | 1 62x Chipset | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-12170 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-11337 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12160 | 2026-04-15 | 6.1 Medium | ||
| The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-41092 | 2026-04-15 | 7.6 High | ||
| Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-60240 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6. | ||||
| CVE-2024-11280 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2023-41082 | 2026-04-15 | 4.4 Medium | ||
| Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-40747 | 1 Aki | 5 Pmman.exe\/enterprise Edition\/, Pmman.exe\/pro Edition\/, Pmman.exe\/pro Plus Imap4 Edition\/ and 2 more | 2026-04-15 | 7.5 High |
| Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. | ||||
| CVE-2024-11275 | 2026-04-15 | 4.3 Medium | ||
| The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users. | ||||
| CVE-2023-40702 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2026-04-15 | N/A |
| PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials. | ||||
| CVE-2023-40679 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. | ||||
| CVE-2025-60214 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through < 1.3.0. | ||||