Export limit exceeded: 361784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 85004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25988 | 2026-04-28 | 7.5 High | ||
| Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6. | ||||
| CVE-2023-25800 | 1 Themeum | 1 Tutor Lms | 2026-04-28 | 8.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | ||||
| CVE-2023-25714 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2026-04-28 | 7.5 High |
| Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25. | ||||
| CVE-2023-25700 | 1 Themeum | 1 Tutor Lms | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | ||||
| CVE-2023-25446 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.7 High |
| Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1. | ||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | ||||
| CVE-2023-23649 | 1 Mainwp | 1 Mainwp Links Manager Extension | 2026-04-28 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | ||||
| CVE-2023-22701 | 1 Shopfiles | 1 Ebook Store | 2026-04-28 | 7.5 High |
| Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775. | ||||
| CVE-2022-47445 | 1 Web-x | 2 Be-popia-compliant, Be Popia Compliant | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. | ||||
| CVE-2022-46860 | 1 Kaizencoders | 1 Short Url | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. | ||||
| CVE-2022-46859 | 1 Spiffyplugins | 1 Spiffy Calendar | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | ||||
| CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | ||||
| CVE-2022-46808 | 1 Reputeinfosystems | 1 Armember | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. | ||||
| CVE-2022-45805 | 1 Paytm | 1 Payment Gateway | 2026-04-28 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | ||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2026-04-28 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2026-04-28 | 7.6 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2025-24257 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 7.1 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24196 | 1 Apple | 1 Macos | 2026-04-28 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory. | ||||
| CVE-2025-30456 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-28 | 7.8 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | ||||
| CVE-2026-41241 | 1 Pretalx | 1 Pretalx | 2026-04-28 | 8.7 High |
| pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the organiser's search query matched the malicious record. This vulnerability is fixed in 2026.1.0. | ||||