Export limit exceeded: 347167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25452 | 2 Wordpress, Wpdo | 2 Wordpress, Remoji | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through <= 2.2. | ||||
| CVE-2026-25398 | 2 Webilia, Wordpress | 2 Vertex Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4. | ||||
| CVE-2026-25382 | 2 Jwsthemes, Wordpress | 2 Idealauto, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6. | ||||
| CVE-2026-4900 | 1 Code-projects | 1 Online Food Ordering System | 2026-04-24 | 5.3 Medium |
| A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings. | ||||
| CVE-2026-4899 | 1 Code-projects | 1 Online Food Ordering System | 2026-04-24 | 2.4 Low |
| A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4842 | 1 Itsourcecode | 1 Online Enrollment System | 2026-04-24 | 7.3 High |
| A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4830 | 1 Kalcaddle | 1 Kodbox | 2026-04-24 | 5.6 Medium |
| A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-32537 | 2 Visualportfolio, Wordpress | 2 Visual Portfolio, Photo Gallery & Post Grid, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1. | ||||
| CVE-2026-32520 | 2 Andrew Munro / Affiliatewp, Wordpress | 2 Rewardswp, Wordpress | 2026-04-24 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4. | ||||
| CVE-2026-25464 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4. | ||||
| CVE-2026-25380 | 2 Jwsthemes, Wordpress | 2 Feedy, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through < 2.1.5. | ||||
| CVE-2026-4955 | 1 Shenzhen Ruiming Technology | 1 Streamax Crocus | 2026-04-24 | 7.3 High |
| A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4954 | 1 Mingsoft | 1 Mcms | 2026-04-24 | 6.3 Medium |
| A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-25413 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-04-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-4876 | 1 Itsourcecode | 1 Free Hotel Reservation System | 2026-04-24 | 6.3 Medium |
| A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2026-25462 | 2 Avalex, Wordpress | 2 Avalex, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3. | ||||
| CVE-2026-27075 | 2 Mikado-themes, Wordpress | 2 Belfort, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. | ||||
| CVE-2026-32482 | 2 Deothemes, Wordpress | 2 Ona, Wordpress | 2026-04-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. | ||||
| CVE-2026-25456 | 2 Aarsiv Groups, Wordpress | 2 Automated Fedex Live/manual Rates With Shipping Labels, Wordpress | 2026-04-24 | 7.3 High |
| Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.9. | ||||
| CVE-2026-32524 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2026-04-24 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9. | ||||