Export limit exceeded: 346095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6711 | 2 Ryhowa, Wordpress | 2 Website Llms.txt, Wordpress | 2026-04-22 | 6.1 Medium |
| The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13826 | 1 Zervit | 2 Portable Http/web Server, Portable Http Web Server | 2026-04-22 | N/A |
| Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfully exploited, the application can be made to stop responding, resulting in a DoS condition. It is possible to manually restart the application. | ||||
| CVE-2026-3317 | 1 Navigate | 1 Navigate Cms | 2026-04-22 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to execute JavaScript code in the victim's browser. | ||||
| CVE-2026-39467 | 2 Metaslider, Wordpress | 2 Responsive Slider By Metaslider, Wordpress | 2026-04-22 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0. | ||||
| CVE-2026-6553 | 1 Typo3 | 1 Typo3 | 2026-04-22 | N/A |
| Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0. | ||||
| CVE-2026-41037 | 1 Quantum Networks | 1 Router Qn-i-470 | 2026-04-22 | N/A |
| This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device. | ||||
| CVE-2026-41036 | 1 Quantum Networks | 1 Router Qn-i-470 | 2026-04-22 | N/A |
| This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device. | ||||
| CVE-2026-41038 | 1 Quantum Networks | 1 Router Qn-i-470 | 2026-04-22 | N/A |
| This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device. | ||||
| CVE-2026-41039 | 1 Quantum Networks | 1 Router Qn-i-470 | 2026-04-22 | N/A |
| This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful exploitation of this vulnerability could allow the attacker to access sensitive information, including internal endpoints, scripts and directories on the targeted device. | ||||
| CVE-2025-1241 | 1 Fortra | 1 Goanywhere Mft | 2026-04-22 | 5.8 Medium |
| Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data. | ||||
| CVE-2025-14362 | 1 Fortra | 1 Goanywhere Mft | 2026-04-22 | 7.3 High |
| The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force. | ||||
| CVE-2026-0971 | 1 Fortra | 1 Goanywhere Mft | 2026-04-22 | 4.3 Medium |
| An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. | ||||
| CVE-2026-1089 | 1 Fortra | 1 Goanywhere Mft | 2026-04-22 | 6.5 Medium |
| User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure. | ||||
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 5.3 Medium |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | ||||
| CVE-2025-41029 | 1 Zeon Global Tech | 1 Zeon Academy Pro | 2026-04-22 | N/A |
| SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'. | ||||
| CVE-2025-41011 | 1 Phppointofsale | 1 Php Point Of Sale | 2026-04-22 | N/A |
| HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters. | ||||
| CVE-2019-25714 | 1 Seeyon Internet Software | 2 A8+ Collaborative Management Software, A8-v5 Collaborative Management Software | 2026-04-22 | N/A |
| Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC). | ||||
| CVE-2026-24176 | 1 Nvidia | 1 Kai Scheduler | 2026-04-22 | 4.3 Medium |
| NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2026-24177 | 1 Nvidia | 1 Kai Scheduler | 2026-04-22 | 7.7 High |
| NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2026-24189 | 1 Nvidia | 1 Cuda-q | 2026-04-22 | 8.2 High |
| NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure. | ||||