Export limit exceeded: 338433 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23500 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2026-04-01 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19. | ||||
| CVE-2024-22307 | 1 Wplab | 1 Wp-lister Lite For Ebay | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.7. | ||||
| CVE-2024-22289 | 1 Cybernetikz | 1 Post Views Stats | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS.This issue affects Post views Stats: from n/a through <= 1.4.1. | ||||
| CVE-2024-22145 | 1 Instawp | 1 Instawp Connect | 2026-04-01 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||||
| CVE-2024-21746 | 1 Wpmet | 1 Wp Ultimate Review | 2026-04-01 | 7.5 High |
| Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. | ||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. | ||||
| CVE-2024-11620 | 1 Rank Math Seo | 1 Rank Math Seo | 2026-04-01 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through <= 1.0.231. | ||||
| CVE-2024-11402 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kubiq Block Editor Bootstrap Blocks block-editor-bootstrap-blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through <= 6.6.1. | ||||
| CVE-2024-10676 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Conversion Helper conversion-helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through <= 1.12. | ||||
| CVE-2026-28788 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-04-01 | 7.1 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue. | ||||
| CVE-2023-6080 | 2 Lakeside Software, Lakesidesoftware | 2 Systrack Lsiagent Installer, Systrack Lsiagent | 2026-04-01 | 7.8 High |
| Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. | ||||
| CVE-2025-54743 | 2 Mkscripts, Wordpress | 2 Download After Email, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6. | ||||
| CVE-2026-2480 | 2026-04-01 | 6.4 Medium | ||
| The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-2394 | 1 Rti | 1 Connext Professional | 2026-04-01 | N/A |
| Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-1001 | 1 Domoticz | 1 Domoticz | 2026-04-01 | 4.8 Medium |
| Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers can inject malicious code that is stored and rendered without proper output encoding, causing script execution in the browsers of users viewing the affected page and enabling unauthorized actions within their session context. | ||||
| CVE-2025-70033 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 5.4 Medium |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-12551 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6. | ||||
| CVE-2025-70032 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 6.1 Medium |
| An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70030 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 7.5 High |
| An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70031 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 8.8 High |
| An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||