Export limit exceeded: 346948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49952 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-27 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5. | ||||
| CVE-2025-49935 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2. | ||||
| CVE-2026-21515 | 1 Microsoft | 1 Azure Iot Central | 2026-04-27 | 9.9 Critical |
| Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49931 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10. | ||||
| CVE-2025-49926 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2026-04-27 | 7.2 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25. | ||||
| CVE-2025-49925 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||||
| CVE-2026-35901 | 2026-04-27 | 4.4 Medium | ||
| A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition. | ||||
| CVE-2025-49922 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2026-04-27 | 4.3 Medium |
| Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3. | ||||
| CVE-2025-49921 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0. | ||||
| CVE-2025-49902 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1. | ||||
| CVE-2025-49398 | 2 Easy-appointments, Wordpress | 2 Easy Appointments, Wordpress | 2026-04-27 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14. | ||||
| CVE-2025-49394 | 2 Bplugins, Wordpress | 2 Image Gallery Block, Wordpress | 2026-04-27 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7. | ||||
| CVE-2025-49386 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1. | ||||
| CVE-2025-49380 | 3 Woocommerce, Wordpress, Wpinstinct | 3 Woocommerce, Wordpress, Woocommerce Vehicle Parts Finder | 2026-04-27 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7. | ||||
| CVE-2025-49378 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10. | ||||
| CVE-2025-49375 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. | ||||
| CVE-2025-49374 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through <= 1.0.61. | ||||
| CVE-2025-49376 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9. | ||||
| CVE-2026-41313 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-04-27 | 6.5 Medium |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. | ||||
| CVE-2026-7147 | 2026-04-27 | 7.3 High | ||
| A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||