Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15057 | 2 Wordpress, Wp-slimstat | 2 Wordpress, Slimstat Analytics | 2026-04-21 | 7.2 High |
| The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views the Real-time Access Log report. | ||||
| CVE-2025-13628 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-21 | 4.3 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulk_action_handler' and 'coupon_permanent_delete' functions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with subscriber level access and above, to delete, activate, deactivate, or trash arbitrary coupons. | ||||
| CVE-2025-13853 | 2 Lnbadmin1, Wordpress | 2 Nearby Now Reviews, Wordpress | 2026-04-21 | 6.4 Medium |
| The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data_tech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13854 | 2 Soniz, Wordpress | 2 Curved Text, Wordpress | 2026-04-21 | 6.4 Medium |
| The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' parameter of the arctext shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-6751 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | ||||
| CVE-2026-6753 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | ||||
| CVE-2026-6754 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10. | ||||
| CVE-2026-6756 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2026-6758 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2026-6760 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2026-6761 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | ||||
| CVE-2026-6770 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | ||||
| CVE-2026-6771 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | ||||
| CVE-2026-6772 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10. | ||||
| CVE-2026-6773 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2026-6775 | 1 Mozilla | 1 Firefox | 2026-04-21 | N/A |
| Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2019-25644 | 2 Direct-soft, Winmpg | 2 Winmpg Video Convert, Winmpg Video Convert Local Dos Exploit | 2026-04-21 | 6.2 Medium |
| WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition. | ||||
| CVE-2026-6703 | 2026-04-21 | 4.3 Medium | ||
| The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to modify global site-wide plugin configuration options, including toggling custom CSS, disabling blocks, changing layout defaults such as content width, container padding, and container gap, and altering auto-block-recovery behavior. | ||||
| CVE-2026-4775 | 3 Debian, Libtiff, Redhat | 5 Debian Linux, Libtiff, Enterprise Linux and 2 more | 2026-04-21 | 7.8 High |
| A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. | ||||
| CVE-2026-33809 | 1 Golang | 2 Image, Tiff | 2026-04-21 | 5.3 Medium |
| A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error. | ||||