Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85849 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4840 1 Netcore 1 Power 15ax 2026-04-24 8.8 High
A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-3328 2 Shabti, Wordpress 2 Frontend Admin By Dynamapps, Wordpress 2026-04-24 7.2 High
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's `maybe_unserialize()` function without class restrictions on user-controllable content stored in admin_form post content. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.
CVE-2026-32517 2 Kleor, Wordpress 2 Contact Manager, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through <= 9.1.
CVE-2026-32503 2 Creativews, Wordpress 2 Trendustry, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4.
CVE-2026-32505 2 Creativews, Wordpress 2 Kiddy, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8.
CVE-2026-32504 2 Creativews, Wordpress 2 Vintwood, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8.
CVE-2026-32488 2 Wordpress, Wpeverest 2 Wordpress, User Registration 2026-04-24 8.1 High
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.
CVE-2026-25464 2 Tielabs, Wordpress 2 Jannah, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4.
CVE-2026-4910 1 Shenzhen Ruiming Technology 1 Streamax Crocus 2026-04-24 7.3 High
A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4841 1 Code-projects 1 Online Food Ordering System 2026-04-24 7.3 High
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4824 1 Enter Software 1 Iperius Backup 2026-04-24 7 High
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVE-2026-4822 1 Enter Software 1 Iperius Backup 2026-04-24 7 High
A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVE-2026-27087 2 G5theme, Wordpress 2 Wolverine Framework, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9.
CVE-2026-27075 2 Mikado-themes, Wordpress 2 Belfort, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.
CVE-2026-27088 2 G5theme, Wordpress 2 Darna Framework, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through <= 2.9.
CVE-2026-27078 2 Mikado-themes, Wordpress 2 Emaurri, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.
CVE-2026-2511 2 Rabilal, Wordpress 2 Js Help Desk – Ai-powered Support & Ticketing System, Wordpress 2026-04-24 7.5 High
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-25456 2 Aarsiv Groups, Wordpress 2 Automated Fedex Live/manual Rates With Shipping Labels, Wordpress 2026-04-24 7.3 High
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.9.
CVE-2026-27077 2 Mikado-themes, Wordpress 2 Multioffice, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2.
CVE-2026-27048 2 Elated-themes, Wordpress 2 The Aisle Core, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5.