Export limit exceeded: 333730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333730 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32455 | 2 Realmag777, Wordpress | 2 Mdtf, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5. | ||||
| CVE-2026-32461 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Ssl, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7. | ||||
| CVE-2017-20219 | 1 Serviio | 1 Serviio Pro | 2026-03-16 | 6.1 Medium |
| Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context. | ||||
| CVE-2026-32417 | 2 Wordpress, Wppochipp | 2 Wordpress, Pochipp | 2026-03-16 | 5.4 Medium |
| Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9. | ||||
| CVE-2026-32420 | 2 Ruben Garcia, Wordpress | 2 Gamipress, Wordpress | 2026-03-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6. | ||||
| CVE-2026-32422 | 2 Levelfourdevelopment, Wordpress | 2 Wp-easycart, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13. | ||||
| CVE-2026-32435 | 2 Vowelweb, Wordpress | 2 Vw Pet Shop, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7. | ||||
| CVE-2026-32446 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. | ||||
| CVE-2026-3873 | 1 Syslink Software Ag | 1 Avantra | 2026-03-16 | 7.2 High |
| Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-32338 | 2 Rarathemes, Wordpress | 2 Construction Landing Page, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1. | ||||
| CVE-2026-32374 | 2 Raratheme, Wordpress | 2 The Minimal, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9. | ||||
| CVE-2026-32383 | 2 Raratheme, Wordpress | 2 Ridhi, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | ||||
| CVE-2026-32391 | 2 Linethemes, Wordpress | 2 Smartfix, Wordpress | 2026-03-16 | 5.4 Medium |
| Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4. | ||||
| CVE-2026-32418 | 2 Jordy Meow, Wordpress | 2 Meow Gallery, Wordpress | 2026-03-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4. | ||||
| CVE-2026-32447 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2. | ||||
| CVE-2017-20220 | 1 Serviio | 1 Serviio Pro | 2026-03-16 | 7.5 High |
| Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication. | ||||
| CVE-2026-32381 | 2 Raratheme, Wordpress | 2 App Landing Page, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2. | ||||
| CVE-2026-32746 | 1 Gnu | 1 Inetutils | 2026-03-16 | 9.8 Critical |
| telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | ||||
| CVE-2026-32355 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-03-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1. | ||||
| CVE-2026-32330 | 2 10web, Wordpress | 2 Photo Gallery, Wordpress | 2026-03-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. | ||||