Export limit exceeded: 15845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0710 | 2 Gravity Wiz, Wordpress | 2 Gp Unique Id, Wordpress | 2026-04-15 | 5.3 Medium |
| The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context. | ||||
| CVE-2024-10316 | 2026-04-15 | 4.3 Medium | ||
| The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-2248 | 1 Jfrog | 1 Artifactory | 2026-04-15 | 6.4 Medium |
| A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email. | ||||
| CVE-2024-2080 | 2026-04-15 | 4.3 Medium | ||
| The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private. | ||||
| CVE-2024-11265 | 2026-04-15 | 4.3 Medium | ||
| The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3. This is due to returning image upload error messages with full path information. This makes it possible for authenticated attackers, with author-level permissions and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-11280 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11292 | 1 Wordpress | 1 Wp Private Content Plus Plugin | 2026-04-15 | 5.3 Medium |
| The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11294 | 2 Memberful, Wordpress | 2 Memberful, Wordpress | 2026-04-15 | 5.3 Medium |
| The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members. | ||||
| CVE-2024-11295 | 2 Pluginsandsnippets, Wordpress | 2 Simple Page Access Restriction, Wordpress | 2026-04-15 | 5.3 Medium |
| The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | ||||
| CVE-2024-20318 | 1 Cisco | 1 Ios Xr Software | 2026-04-15 | 7.4 High |
| A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition. | ||||
| CVE-2025-23203 | 2026-04-15 | 5.5 Medium | ||
| Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.4 and 1.11.4. If upgrading is not feasible, disable the director module for the users other than admin role for the time being. | ||||
| CVE-2024-11351 | 2026-04-15 | 5.3 Medium | ||
| The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11741 | 1 Grafana | 1 Grafana | 2026-04-15 | 4.3 Medium |
| Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15 | ||||
| CVE-2024-12014 | 2026-04-15 | N/A | ||
| Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. | ||||
| CVE-2024-12250 | 2026-04-15 | 5.3 Medium | ||
| The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks. | ||||
| CVE-2024-1979 | 1 Redhat | 1 Quarkus | 2026-04-15 | 3.5 Low |
| A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. | ||||
| CVE-2022-26327 | 2026-04-15 | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data.This issue affects Performance Center: 12.63. | ||||
| CVE-2024-1477 | 2 Mukeshpanchal, Wordpress | 2 Easy Maintenance Mode, Wordpress | 2026-04-15 | 5.3 Medium |
| The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection provided by the plugin. | ||||
| CVE-2024-12340 | 2026-04-15 | 4.3 Medium | ||
| The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | ||||
| CVE-2024-13640 | 2 Tychesoftwares, Wordpress | 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress | 2026-04-15 | 5.9 Medium |
| The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled. | ||||