Export limit exceeded: 347144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347144 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41650 | 2 Paul, Wordpress | 2 Custom Content By Country (by Shield Security), Wordpress | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2026-04-28 | 7.6 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2022-40211 | 1 Givewp | 1 Givewp | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1. | ||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2026-04-28 | 5.8 Medium |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | ||||
| CVE-2025-24153 | 1 Apple | 1 Macos | 2026-04-28 | 6.7 Medium |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2025-24115 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to read files outside of its sandbox. | ||||
| CVE-2025-24103 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access protected user data. | ||||
| CVE-2025-24257 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 7.1 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24240 | 1 Apple | 1 Macos | 2026-04-28 | 4.7 Medium |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data. | ||||
| CVE-2025-30429 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 6.3 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox. | ||||
| CVE-2025-30444 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination. | ||||
| CVE-2025-24276 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information. | ||||
| CVE-2025-24247 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination. | ||||
| CVE-2025-24226 | 1 Apple | 1 Xcode | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information. | ||||
| CVE-2025-24231 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24196 | 1 Apple | 1 Macos | 2026-04-28 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory. | ||||
| CVE-2025-24250 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data. | ||||
| CVE-2025-30461 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | ||||
| CVE-2025-30456 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-28 | 7.8 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | ||||
| CVE-2026-7305 | 1 Xuxueli | 1 Xxl-job | 2026-04-28 | 6.3 Medium |
| A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. There is ongoing doubt regarding the real existence of this vulnerability. The project maintainer explains (translated from Chinese): "Triggers are manually activated and involve login and access control, thus requiring management." The pull request by the researcher got rejected because of that. | ||||