Export limit exceeded: 360855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8760 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. | ||||
| CVE-2025-58766 | 1 Dyad | 1 Dyad | 2026-04-15 | 9.1 Critical |
| Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that automatically executes when the preview loads. The malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later. | ||||
| CVE-2024-57401 | 2026-04-15 | 9.8 Critical | ||
| SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. | ||||
| CVE-2025-8506 | 1 495300897 | 1 Wx-shop | 2026-04-15 | 3.5 Low |
| A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2023-26877 | 1 Softexpert | 1 Excellence Suite | 2026-04-15 | 6.3 Medium |
| File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. | ||||
| CVE-2024-40442 | 1 Doccano | 2 Auto Labeling Pipeline, Doccano | 2026-04-15 | 7.2 High |
| An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. | ||||
| CVE-2025-4996 | 1 Intelbras | 1 Rf 301k | 2026-04-15 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-9119 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2026-04-15 | 2.4 Low |
| A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-42895 | 1 Sap | 1 Hana-client | 2026-04-15 | 6.9 Medium |
| Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application. | ||||
| CVE-2025-30085 | 2026-04-15 | N/A | ||
| Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature. | ||||
| CVE-2025-2715 | 2026-04-15 | 3.5 Low | ||
| A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10909 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.3 Medium |
| The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. | ||||
| CVE-2024-13952 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 8.4 High |
| Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2025-42978 | 2026-04-15 | 3.5 Low | ||
| The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and Availability are not impacted. | ||||
| CVE-2025-27407 | 1 Redhat | 1 Satellite | 2026-04-15 | 9.1 Critical |
| graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue. | ||||
| CVE-2025-50739 | 1 Omni-tools | 1 Omni-tools | 2026-04-15 | 9.8 Critical |
| iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. | ||||
| CVE-2025-20365 | 1 Cisco | 4 Aironet, Aironet Access Point, Aironet Access Point Software and 1 more | 2026-04-15 | 4.3 Medium |
| A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device. | ||||
| CVE-2025-0871 | 2026-04-15 | 3.5 Low | ||
| A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0869 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation of the argument browserLang leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39017 | 1 Agreejs Shared | 1 Agreejs Shared | 2026-04-15 | 9.8 Critical |
| agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||