Search Results (8434 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43252 | 1 Crewhrm | 1 Crewhrm | 2026-04-23 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management. This issue affects Crew HRM: from n/a through <= 1.1.1. | ||||
| CVE-2024-37930 | 2 Theme-sphere, Themesphere | 2 Smartmag, Smartmag | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine. This issue affects SmartMag: from n/a through < 10.1.0. | ||||
| CVE-2024-37502 | 3 Wordpress, Wpweb, Wpwebelite | 3 Wordpress, Woocommerce Social Login, Woocommerce Social Login | 2026-04-23 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login. This issue affects WooCommerce Social Login: from n/a through <= 2.6.3. | ||||
| CVE-2024-32817 | | | 2026-04-23 | 4.4 Medium |
| Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.2. | ||||
| CVE-2024-30229 | 2 Givewp, Wordpress | 2 Givewp, Wordpress | 2026-04-23 | 8 High |
| Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.4.2. | ||||
| CVE-2024-30221 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-23 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart. This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1. | ||||
| CVE-2024-29136 | 1 Themefic | 1 Tourfic | 2026-04-23 | 8.5 High |
| Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.17. | ||||
| CVE-2026-35464 | 1 Pyload | 1 Pyload | 2026-04-23 | 7.5 High |
| pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1. | ||||
| CVE-2025-53242 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through <= 1.7.1. | ||||
| CVE-2026-39963 | 1 S9y | 1 Serendipity | 2026-04-23 | 6.9 Medium |
| Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An attacker who can influence the Host header at login time, such as via MITM, reverse proxy misconfiguration, or load balancer manipulation, can force authentication cookies including session tokens and auto-login tokens to be scoped to an attacker-controlled domain. This enables session fixation, token leakage to attacker-controlled infrastructure, and privilege escalation if an admin logs in under a poisoned Host header. This issue has been fixed in version 2.6.0. | ||||
| CVE-2008-3929 | 1 Ampache | 1 Ampache | 2026-04-23 | N/A |
| gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | ||||
| CVE-2008-0665 | 1 Website Meta Language | 1 Website Meta Language | 2026-04-23 | N/A |
| wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | ||||
| CVE-2008-0666 | 1 Website Meta Language | 1 Website Meta Language | 2026-04-23 | N/A |
| Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | ||||
| CVE-2008-3928 | 1 Debian | 1 Honeyd Common | 2026-04-23 | N/A |
| test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2008-3927 | 1 Tiger | 1 Tiger | 2026-04-23 | N/A |
| genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-0613 | 1 Xoops | 1 Xoops | 2026-04-23 | N/A |
| Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | ||||
| CVE-2009-4135 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Coreutils | 2026-04-23 | N/A |
| The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | ||||
| CVE-2008-3930 | 1 Debian | 1 Citadel Server | 2026-04-23 | N/A |
| migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2007-5695 | 1 Sitebar | 1 Sitebar | 2026-04-23 | N/A |
| Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | ||||
| CVE-2009-3304 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | ||||