Export limit exceeded: 333377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333377 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32445 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-03-16 | 2.7 Low |
| Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | ||||
| CVE-2026-32396 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | ||||
| CVE-2026-32449 | 2 Themifyme, Wordpress | 2 Themify Event Post, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4. | ||||
| CVE-2026-32451 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-03-16 | 6.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | ||||
| CVE-2026-32452 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | ||||
| CVE-2026-32453 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32454 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32456 | 2 Janis Elsts, Wordpress | 2 Admin Menu Editor, Wordpress | 2026-03-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | ||||
| CVE-2026-32458 | 2 Realmag777, Wordpress | 2 Wolf, Wordpress | 2026-03-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7. | ||||
| CVE-2026-32459 | 2 Flycart, Wordpress | 2 Upsellwp, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4. | ||||
| CVE-2026-32486 | 2 Wordpress, Wptravelengine | 2 Wordpress, Travel Booking | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9. | ||||
| CVE-2026-32487 | 2 Rarathemes, Wordpress | 2 Lawyer Landing Page, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. | ||||
| CVE-2026-32344 | 2 Desertthemes, Wordpress | 2 Corpiva, Wordpress | 2026-03-16 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96. | ||||
| CVE-2026-32387 | 2 Noorsplugin, Wordpress | 2 Checkout For Paypal, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46. | ||||
| CVE-2026-32397 | 2 Wordpress, Ymc-22 | 2 Wordpress, Filter & Grids | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1. | ||||
| CVE-2026-32745 | 1 Jetbrains | 1 Datalore | 2026-03-16 | 6.3 Medium |
| In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | ||||
| CVE-2025-13459 | 1 Ibm | 1 Aspera Console | 2026-03-16 | 2.7 Low |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. | ||||
| CVE-2026-3999 | 1 Pointsharp | 1 Id Server | 2026-03-16 | N/A |
| A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations. | ||||
| CVE-2026-4092 | 1 Google | 1 Clasp | 2026-03-16 | N/A |
| Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. | ||||
| CVE-2025-10461 | 1 Softing | 2 Smartlink Sw-ht, Smartlink Sw-pn | 2026-03-16 | N/A |
| Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03. | ||||