Export limit exceeded: 344976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344976 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26731 | 1 Totolink | 3 A3002ru, A3002ru-v2, A3002ru Firmware | 2026-04-16 | 8 High |
| TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function. | ||||
| CVE-2026-26732 | 1 Totolink | 3 A3002ru, A3002ru-v2, A3002ru Firmware | 2026-04-16 | 8.8 High |
| TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function. | ||||
| CVE-2026-24733 | 2 Apache, Apache Tomcat | 2 Tomcat, Apache Tomcat | 2026-04-16 | 6.5 Medium |
| Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue. | ||||
| CVE-2026-24734 | 2 Apache, Apache Tomcat | 3 Tomcat, Tomcat Native, Apache Tomcat | 2026-04-16 | 7.4 High |
| Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue. | ||||
| CVE-2026-1405 | 2 Franchidesign, Wordpress | 2 Slider Future, Wordpress | 2026-04-16 | 9.8 Critical |
| The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-1047 | 2 Goback2, Wordpress | 2 Salavat Counter Plugin, Wordpress | 2026-04-16 | 4.4 Medium |
| The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-22333 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Compare | 2026-04-16 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0. | ||||
| CVE-2026-22422 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2026-04-16 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1. | ||||
| CVE-2026-23541 | 2 Getwpfunnels, Wordpress | 2 Mail Mint, Wordpress | 2026-04-16 | N/A |
| Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4. | ||||
| CVE-2026-23545 | 2 Arubadev, Wordpress | 2 Aruba Hispeed Cache, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | ||||
| CVE-2026-23547 | 2 Cmsmasters, Wordpress | 2 Cmsmasters Content Composer, Wordpress | 2026-04-16 | 7.1 High |
| Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8. | ||||
| CVE-2026-23549 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-23804 | 2 Bbr Plugins, Wordpress | 2 Better Business Reviews, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1. | ||||
| CVE-2026-23805 | 2 Wordpress, Yoren Chang | 2 Wordpress, Media Search Enhanced | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1. | ||||
| CVE-2026-25006 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-16 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4. | ||||
| CVE-2026-25008 | 2 Shahjahan Jewel, Wordpress | 2 Ninja Tables, Wordpress | 2026-04-16 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5. | ||||
| CVE-2026-25316 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-16 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||||
| CVE-2026-25318 | 2 Wisernotify Team, Wordpress | 2 Wiserreview Product Reviews For Woocommerce, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9. | ||||
| CVE-2026-25319 | 2 Wordpress, Wpzita | 2 Wordpress, Zita Elementor Site Library | 2026-04-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6. | ||||
| CVE-2026-25321 | 2 Psm Plugins, Wordpress | 2 Supportcandy, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4. | ||||