Export limit exceeded: 361738 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85001 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25700 | 1 Themeum | 1 Tutor Lms | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | ||||
| CVE-2023-25446 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.7 High |
| Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1. | ||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | ||||
| CVE-2023-23649 | 1 Mainwp | 1 Mainwp Links Manager Extension | 2026-04-28 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | ||||
| CVE-2023-22701 | 1 Shopfiles | 1 Ebook Store | 2026-04-28 | 7.5 High |
| Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775. | ||||
| CVE-2022-47445 | 1 Web-x | 2 Be-popia-compliant, Be Popia Compliant | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. | ||||
| CVE-2022-46860 | 1 Kaizencoders | 1 Short Url | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. | ||||
| CVE-2022-46859 | 1 Spiffyplugins | 1 Spiffy Calendar | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | ||||
| CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | ||||
| CVE-2022-46808 | 1 Reputeinfosystems | 1 Armember | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. | ||||
| CVE-2022-45805 | 1 Paytm | 1 Payment Gateway | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | ||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2026-04-28 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2026-04-28 | 7.6 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2025-24257 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 7.1 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24196 | 1 Apple | 1 Macos | 2026-04-28 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory. | ||||
| CVE-2025-30456 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-28 | 7.8 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | ||||
| CVE-2026-41241 | 1 Pretalx | 1 Pretalx | 2026-04-28 | 8.7 High |
| pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the organiser's search query matched the malicious record. This vulnerability is fixed in 2026.1.0. | ||||
| CVE-2026-39462 | 1 Senselive | 3 X3050, X3500, X3500 Firmware | 2026-04-28 | 8.1 High |
| A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly. | ||||
| CVE-2026-41246 | 1 Projectcontour | 1 Contour | 2026-04-28 | 8.1 High |
| Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value that results in arbitrary code execution in the Envoy proxy. The cookie rewriting feature is internally implemented using Envoy's HTTP Lua filter. User-controlled values are interpolated into Lua source code using Go text/template without sufficient sanitization. The injected code only executes when processing traffic on the attacker's own route, which they already control. However, since Envoy runs as shared infrastructure, the injected code can also read Envoy's xDS client credentials from the filesystem or cause denial of service for other tenants sharing the Envoy instance. This vulnerability is fixed in v1.33.4, v1.32.5, and v1.31.6. | ||||
| CVE-2026-40623 | 1 Senselive | 3 X3050, X3500, X3500 Firmware | 2026-04-28 | 8.1 High |
| A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable. | ||||