Export limit exceeded: 346329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346329 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40297 | 1 Stakater | 1 Forecastle | 2026-04-15 | 7.5 High |
| Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. | ||||
| CVE-2024-11218 | 1 Redhat | 7 Enterprise Linux, Openshift, Openshift Ironic and 4 more | 2026-04-15 | 8.6 High |
| A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. | ||||
| CVE-2024-13391 | 2026-04-15 | 6.4 Medium | ||
| The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_upload_guest' shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-11216 | 2026-04-15 | 7.6 High | ||
| Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking.This issue affects Pik Online: before 3.1.5. | ||||
| CVE-2023-4017 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-40160 | 2026-04-15 | 3.7 Low | ||
| Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. | ||||
| CVE-2025-1260 | 1 Arista | 1 Eos | 2026-04-15 | 9.1 Critical |
| On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch. | ||||
| CVE-2024-11201 | 2026-04-15 | 6.4 Medium | ||
| The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-40155 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-3301 | 2026-04-15 | N/A | ||
| DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected. | ||||
| CVE-2025-1259 | 2026-04-15 | 7.7 High | ||
| On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available | ||||
| CVE-2024-2797 | 2026-04-15 | 5.3 Medium | ||
| The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms. | ||||
| CVE-2023-39933 | 2026-04-15 | 4.3 Medium | ||
| Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution privilege. | ||||
| CVE-2023-39929 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-60209 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6. | ||||
| CVE-2023-3943 | 2026-04-15 | 10 Critical | ||
| Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. | ||||
| CVE-2023-33923 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | ||||
| CVE-2024-11029 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.5 Medium |
| A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials. | ||||
| CVE-2024-11032 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-34049 | 1 Salt Project | 1 Salt | 2026-04-15 | 6.7 Medium |
| The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails. | ||||