Export limit exceeded: 347233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44142 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.4 Medium |
| Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through <= 3.2.2. | ||||
| CVE-2023-46073 | 2026-04-29 | 5.3 Medium | ||
| Missing Authorization vulnerability in Mario Peshev DX Delete Attached Media dx-delete-attached-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through <= 2.0.5.1. | ||||
| CVE-2023-45074 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. | ||||
| CVE-2023-45069 | 1 Total-soft | 1 Video Gallery | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | ||||
| CVE-2023-45104 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterlinks | 2026-04-29 | 7.3 High |
| Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= 1.6.0. | ||||
| CVE-2023-45045 | 2026-04-29 | 5.4 Medium | ||
| Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5. | ||||
| CVE-2023-45055 | 1 Inspireui | 1 Mstore Api | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | ||||
| CVE-2023-45760 | 1 Gvectors | 1 Wpdiscuz | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3. | ||||
| CVE-2023-45271 | 2026-04-29 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 2.7.8. | ||||
| CVE-2023-33215 | 2 Taggbox, Wordpress | 2 Taggbox, Wordpress | 2026-04-29 | 5.4 Medium |
| Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3. | ||||
| CVE-2023-45061 | 2026-04-29 | 5.3 Medium | ||
| Missing Authorization vulnerability in awsm.in WP Job Openings wp-job-openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through <= 3.4.1. | ||||
| CVE-2023-40334 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2. | ||||
| CVE-2023-39920 | 2026-04-29 | 7.5 High | ||
| Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2. | ||||
| CVE-2026-42518 | 1 Cdac-noida | 1 E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys. Successful exploitation of this vulnerability could lead to exposure of sensitive data and compromise of cryptographic protections on the targeted system. | ||||
| CVE-2026-3325 | 2026-04-29 | N/A | ||
| SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used immediately after the registration form is submitted, could be manipulated by an unauthenticated attacker to execute arbitrary SQL queries. | ||||
| CVE-2026-24070 | 3 Apple, Native-instruments, Native Instruments | 3 Macos, Native Access, Native Access | 2026-04-29 | 8.8 High |
| During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] = \"Developer ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native Access application was found to be signed with the `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` entitlements leading to DYLIB injection and therefore command execution in the context of this application. A low privileged user can exploit the DYLIB injection to trigger functions of the privileged helper XPC service resulting in privilege escalation by first deleting the /etc/sudoers file and then copying a malicious version of that file to /etc/sudoers. | ||||
| CVE-2026-42517 | 1 Cdac-noida | 1 E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system. | ||||
| CVE-2026-42516 | 1 Cdac-noida | 1 E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system. | ||||
| CVE-2025-10503 | 1 Wso2 | 1 Wso2 Identity Server | 2026-04-29 | 6.1 Medium |
| The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this vulnerability to redirect the user's browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible. | ||||
| CVE-2026-35155 | 1 Dell | 1 Idrac10 | 2026-04-29 | 7.1 High |
| Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access. | ||||