Export limit exceeded: 347094 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347094 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347094 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2026-04-28 | 5.4 Medium |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | ||||
| CVE-2022-36352 | 1 Metagauss | 1 Profilegrid | 2026-04-28 | 6.3 Medium |
| Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | ||||
| CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2026-04-28 | 4.8 Medium |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. | ||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2026-04-28 | 7.2 High |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | ||||
| CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2026-04-28 | 4.3 Medium |
| Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | ||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-34839 | 1 Codexshaper | 1 Wp Oauth2 Server | 2026-04-28 | 5.9 Medium |
| Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2026-04-28 | 8.8 High |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | ||||
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2026-04-28 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2026-04-28 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | ||||
| CVE-2022-33900 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-28 | 4.1 Medium |
| PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-31474 | 1 Ithemes | 1 Backupbuddy | 2026-04-28 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | ||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. | ||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2026-04-28 | 4.1 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | ||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2026-04-28 | 7.5 High |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | ||||
| CVE-2026-38949 | 2026-04-28 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code | ||||
| CVE-2026-35245 | 1 Oracle | 1 Vm Virtualbox | 2026-04-28 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2026-35250 | 1 Oracle | 1 Vm Virtualbox | 2026-04-28 | 2.3 Low |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2026-22747 | 2 Spring, Vmware | 2 Spring Security, Spring Security | 2026-04-28 | 6.8 Medium |
| Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4. | ||||