Export limit exceeded: 347020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25370 | 2 Aresit, Wordpress | 2 Wp Compress, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28. | ||||
| CVE-2026-25387 | 2 Elementor, Wordpress | 2 Image Optimizer By Elementor, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through <= 1.7.1. | ||||
| CVE-2026-25392 | 2 Kaizencoders, Wordpress | 2 Update Urls – Quick And Easy Way To Search Old Links And Replace Them With New Links In Wordpress, Wordpress | 2026-04-24 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3. | ||||
| CVE-2026-25441 | 2 Leadconnector, Wordpress | 2 Leadconnector, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in varunvairavanlc LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21. | ||||
| CVE-2024-43228 | 2 Secupress, Wordpress | 2 Secupress, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3. | ||||
| CVE-2025-52744 | 2 Inpersttion, Wordpress | 2 Inpersttion For Theme, Wordpress | 2026-04-24 | 7.7 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0. | ||||
| CVE-2025-53217 | 2 Staviravn, Wordpress | 2 Aio Wp Builder, Wordpress | 2026-04-24 | 7.6 High |
| Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. | ||||
| CVE-2025-67547 | 2 Uixthemes, Wordpress | 2 Konte, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6. | ||||
| CVE-2025-67624 | 2 Arya Dhiratara, Wordpress | 2 Optimize More! – Images, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3. | ||||
| CVE-2025-67973 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2. | ||||
| CVE-2025-67974 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Legal Pages | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. | ||||
| CVE-2025-67975 | 2 Adirectory, Wordpress | 2 Adirectory, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3. | ||||
| CVE-2025-67977 | 2 Villatheme, Wordpress | 2 Happy, Wordpress | 2026-04-24 | 8.2 High |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8. | ||||
| CVE-2025-67994 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaycurrency | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | ||||
| CVE-2025-68000 | 2 Pickplugins, Wordpress | 2 Testimonial Slider, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||
| CVE-2025-68021 | 2 Conveythis, Wordpress | 2 Conveythis, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.9. | ||||
| CVE-2026-23349 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit | ||||
| CVE-2026-23350 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list (which is part of guc_id allocation). A damaged queue stored in exec_queue_lookup list would lead to invalid memory reference, sooner or later. Call fini to free guc_id. This must be done before any internal LRCs are freed. Since the finalization with this extra call became very similar to __xe_exec_queue_fini(), reuse that. To make this reuse possible, alter xe_lrc_put() so it can survive NULL parameters, like other similar functions. v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs. (cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079) | ||||
| CVE-2026-39384 | 2 Freescout, Freescout Helpdesk | 2 Freescout, Freescout | 2026-04-24 | 7.6 High |
| FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212. | ||||
| CVE-2026-23351 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible context, triggering soft lockup warnings and RCU stall reports (local denial of service). We must split GC in an unlink and a reclaim phase. We cannot queue elements for freeing until pointers have been swapped. Expired elements are still exposed to both the packet path and userspace dumpers via the live copy of the data structure. call_rcu() does not protect us: dump operations or element lookups starting after call_rcu has fired can still observe the free'd element, unless the commit phase has made enough progress to swap the clone and live pointers before any new reader has picked up the old version. This a similar approach as done recently for the rbtree backend in commit 35f83a75529a ("netfilter: nft_set_rbtree: don't gc elements on insert"). | ||||