Export limit exceeded: 347469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7292 | 1 O2oa | 1 O2oa | 2026-04-29 | 5.6 Medium |
| A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-7315 | 1 Eiceblue | 1 Spire-pdf-mcp-server | 2026-04-29 | 7.3 High |
| A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-7316 | 1 Eiliyaabedini | 1 Aider-mcp | 2026-04-29 | 7.3 High |
| A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-33467 | 1 Elastic | 1 Elastic Package Registry | 2026-04-29 | 5.9 Medium |
| Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing closed. | ||||
| CVE-2026-42513 | 1 Cdac-noida | 2 E-sushrut Hmis, E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this vulnerability could allow the attacker to bypass authentication and gain unauthorized access to user accounts on the targeted system. | ||||
| CVE-2026-42515 | 1 Cdac-noida | 2 E-sushrut Hmis, E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system. | ||||
| CVE-2026-7309 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-04-29 | 4.3 Medium |
| A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic. | ||||
| CVE-2026-7290 | 1 Jeecg | 1 Jeecgboot | 2026-04-29 | 6.3 Medium |
| A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Patch name: a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2025-22285 | 2026-04-29 | N/A | ||
| Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15. | ||||
| CVE-2025-68029 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-04-29 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3. | ||||
| CVE-2025-63030 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2025-22287 | 2026-04-29 | 5.4 Medium | ||
| Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.11. | ||||
| CVE-2026-40784 | 2 Mahmudul Hasan Arif, Wordpress | 2 Fluentboards, Wordpress | 2026-04-29 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.2. | ||||
| CVE-2026-40742 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8. | ||||
| CVE-2026-40764 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-04-29 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2. | ||||
| CVE-2026-39701 | 2 Andrew, Wordpress | 2 Shopwp, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | ||||
| CVE-2026-39704 | 2 Nfusionsolutions, Wordpress | 2 Precious Metals Automated Product Pricing – Pro, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5. | ||||
| CVE-2026-39713 | 2 Mailercloud, Wordpress | 2 Mailercloud – Integrate Webforms And Synchronize Website Contacts, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7. | ||||
| CVE-2026-39689 | 2 Eshipper, Wordpress | 2 Eshipper Commerce, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12. | ||||
| CVE-2026-39712 | 2 Tagdiv, Wordpress | 2 Tagdiv Composer, Wordpress | 2026-04-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3. | ||||