Export limit exceeded: 347020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46808 | 1 Reputeinfosystems | 1 Armember | 2026-04-28 | 8.2 High |
| A vulnerability in reputeinfosystems ARMember armember-membership.This issue affects ARMember: from n/a through <= 3.4.11. | ||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2026-04-28 | 5.8 Medium |
| A vulnerability in narolainfotech Export Users Data Distinct export-users-data-distinct.This issue affects Export Users Data Distinct: from n/a through <= 1.3. | ||||
| CVE-2022-46803 | 1 Noptin | 1 Noptin | 2026-04-28 | 6.1 Medium |
| A vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box.This issue affects Noptin: from n/a through <= 1.9.5. | ||||
| CVE-2022-46802 | 1 Webtoffee | 1 Product Reviews Import Export For Woocommerce | 2026-04-28 | 6.1 Medium |
| A vulnerability in WebToffee Product Reviews Import Export for WooCommerce product-reviews-import-export-for-woocommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through <= 1.4.8. | ||||
| CVE-2022-46801 | 1 Geminilabs | 1 Site Reviews | 2026-04-28 | 6.1 Medium |
| A vulnerability in Gemini Labs Site Reviews site-reviews.This issue affects Site Reviews: from n/a through <= 6.2.0. | ||||
| CVE-2022-45805 | 1 Paytm | 1 Payment Gateway | 2026-04-28 | 8.2 High |
| A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.This issue affects Paytm Payment Gateway: from n/a through <= 2.7.3. | ||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2026-04-28 | 8.8 High |
| A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through <= 5.0.4. | ||||
| CVE-2022-45360 | 1 Coffee2code | 1 Commenter Emails | 2026-04-28 | 4.7 Medium |
| A vulnerability in Scott Reilly Commenter Emails commenter-emails.This issue affects Commenter Emails: from n/a through <= 2.6.1. | ||||
| CVE-2022-45357 | 1 Lenderd | 1 1003 Mortgage Application | 2026-04-28 | 6.1 Medium |
| A vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application.This issue affects 1003 Mortgage Application: from n/a through <= 1.75. | ||||
| CVE-2022-45350 | 1 Simple-history | 1 Simple History | 2026-04-28 | 3 Low |
| A vulnerability in Pär Thernström Simple History simple-history.This issue affects Simple History: from n/a through <= 3.3.1. | ||||
| CVE-2022-45348 | 1 Anmari | 1 Amr Users | 2026-04-28 | 5.8 Medium |
| A vulnerability in anmari amr users amr-users.This issue affects amr users: from n/a through <= 4.59.4. | ||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2026-04-28 | 5.8 Medium |
| A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats.This issue affects Posts and Users Stats: from n/a through <= 1.1.3. | ||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv\/xls Exporter | 2026-04-28 | 5.8 Medium |
| A vulnerability in Duke Simple CSV/XLS Exporter simple-csv-xls-exporter.This issue affects Simple CSV/XLS Exporter: from n/a through <= 1.5.8. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2026-04-28 | 7.6 High |
| A vulnerability in Kaushik Export Users Data CSV export-users-data-csv.This issue affects Export Users Data CSV: from n/a through <= 2.1. | ||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2026-04-28 | 5.8 Medium |
| A vulnerability in Masahiro NAKASHIMA WP CSV Exporter wp-csv-exporter.This issue affects WP CSV Exporter: from n/a through <= 2.0. | ||||
| CVE-2025-69689 | 1 Rem0o | 1 Fan Control | 2026-04-28 | 8.8 High |
| The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges. | ||||
| CVE-2026-40552 | 2026-04-28 | N/A | ||
| mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote network resource. Alternatively, it is possible to use a previously uploaded file and change its reference. When the application processes the attachment, and a user tries to open it, the referenced resource is executed by the system. Critically, this vulnerability can be exploited by any unauthenticated attacker by chaining it with CVE-2026-40550 and CVE-2026-40551, which allows obtaining database access, and logging onto any account. This issue affects mpGabinet version 23.12.19 and below. | ||||
| CVE-2026-31485 | 1 Linux | 1 Linux Kernel | 2026-04-28 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue (UAF) There is a teardown order issue in the driver. The SPI controller is registered using devm_spi_register_controller(), which delays unregistration of the SPI controller until after the fsl_lpspi_remove() function returns. As the fsl_lpspi_remove() function synchronously tears down the DMA channels, a running SPI transfer triggers the following NULL pointer dereference due to use after free: | fsl_lpspi 42550000.spi: I/O Error in DMA RX | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [...] | Call trace: | fsl_lpspi_dma_transfer+0x260/0x340 [spi_fsl_lpspi] | fsl_lpspi_transfer_one+0x198/0x448 [spi_fsl_lpspi] | spi_transfer_one_message+0x49c/0x7c8 | __spi_pump_transfer_message+0x120/0x420 | __spi_sync+0x2c4/0x520 | spi_sync+0x34/0x60 | spidev_message+0x20c/0x378 [spidev] | spidev_ioctl+0x398/0x750 [spidev] [...] Switch from devm_spi_register_controller() to spi_register_controller() in fsl_lpspi_probe() and add the corresponding spi_unregister_controller() in fsl_lpspi_remove(). | ||||
| CVE-2026-6706 | 2026-04-28 | N/A | ||
| Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. | ||||
| CVE-2026-40356 | 1 Mit | 1 Kerberos 5 | 2026-04-28 | 5.9 Medium |
| In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message. | ||||