Export limit exceeded: 79366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79366 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39362 | 2 Inventree, Inventree Project | 2 Inventree, Inventree | 2026-04-21 | 7.1 High |
| InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled (opt-in), authenticated users can supply remote_image URLs that are fetched server-side via requests.get() with only Django's URLValidator check. There is no validation against private IP ranges or internal hostnames. Redirects are followed (allow_redirects=True), enabling bypass of any URL-format checks. This vulnerability is fixed in 1.2.7 and 1.3.0. | ||||
| CVE-2026-35476 | 2 Inventree, Inventree Project | 2 Inventree, Inventree | 2026-04-21 | 7.2 High |
| InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any user to change their staff status. This vulnerability is fixed in 1.2.7 and 1.3.0. | ||||
| CVE-2026-32228 | 1 Apache | 1 Airflow | 2026-04-21 | 7.5 High |
| UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue. | ||||
| CVE-2023-27351 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2026-04-21 | 7.5 High |
| This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226. | ||||
| CVE-2026-20128 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-04-21 | 7.5 High |
| A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. | ||||
| CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2026-04-21 | 7.3 High |
| In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | ||||
| CVE-2026-41082 | 1 Ocaml | 1 Ocaml | 2026-04-21 | 7.3 High |
| In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | ||||
| CVE-2026-3308 | 1 Artifex | 1 Mupdf | 2026-04-21 | 7.8 High |
| An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution. | ||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 8.1 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | ||||
| CVE-2025-6718 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 8.8 High |
| The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands. | ||||
| CVE-2025-7645 | 2026-04-21 | 8.1 High | ||
| The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, when an administrator deletes the submission, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-7640 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 8.1 High |
| The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-6989 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 8.1 High |
| The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders on the server. | ||||
| CVE-2025-8213 | 2 Nintechnet, Wordpress | 2 Ninjascanner, Wordpress | 2026-04-21 | 7.2 High |
| The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory. | ||||
| CVE-2025-7443 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2026-04-21 | 8.1 High |
| The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-7036 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 7.5 High |
| The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2025-49059 may be a duplicate of this issue. | ||||
| CVE-2025-8420 | 2 Emarketdesign, Wordpress | 2 Request A Quote, Wordpress | 2026-04-21 | 8.1 High |
| Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called | ||||
| CVE-2025-8342 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2026-04-21 | 8.1 High |
| The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured. | ||||
| CVE-2025-8142 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2026-04-21 | 8.8 High |
| The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-5060 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 8.1 High |
| The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email. | ||||