Export limit exceeded: 11443 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11443 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28874 | 1 Shanebp | 1 Bp Email Assign Templates | 2026-04-23 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Email Assign Templates: from n/a through <= 1.7. | ||||
| CVE-2026-40096 | 2 Futo, Immich-app | 2 Immich, Immich | 2026-04-23 | 5.4 Medium |
| immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts. A registered attacker can create a shared album with a crafted name containing 0;url=https://attackersite.com" http-equiv="refresh, which when rendered in the <meta property="og:title"> tag causes the victim's browser to redirect to an attacker-controlled site upon opening the share link. This facilitates phishing attacks, as the attacker could host a modified version of immich that collects login credentials from victims who believe they need to authenticate to view the shared album. This issue has been fixed in version 2.7.3. | ||||
| CVE-2025-26977 | 1 Ninjateam | 1 Filebird | 2026-04-23 | 3.8 Low |
| Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.4.2.1. | ||||
| CVE-2025-24741 | 1 Logon | 1 Kb Support | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in LOGON KB Support kb-support.This issue affects KB Support: from n/a through <= 1.6.7. | ||||
| CVE-2025-24740 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. | ||||
| CVE-2025-22695 | 2026-04-23 | 4.3 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support nirweb-support.This issue affects Nirweb support: from n/a through <= 3.0.3. | ||||
| CVE-2024-54255 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing.This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2. | ||||
| CVE-2024-50483 | 2 Meetup, Tareqhasan | 2 Meetup, Meetup | 2026-04-23 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. | ||||
| CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9. | ||||
| CVE-2024-50442 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-04-23 | 6.5 Medium |
| Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through <= 1.3.980. | ||||
| CVE-2024-49682 | 1 Simple-membership-plugin | 1 Simple Membership | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3. | ||||
| CVE-2024-47648 | 1 Theeventprime | 1 Eventprime | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5. | ||||
| CVE-2024-47646 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in tomlister Payflex Payment Gateway payflex-payment-gateway.This issue affects Payflex Payment Gateway: from n/a through <= 2.6.1. | ||||
| CVE-2024-47354 | 2026-04-23 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection.This issue affects Simple Membership After Login Redirection: from n/a through <= 1.6. | ||||
| CVE-2024-47353 | 1 Quomodosoft | 1 Elementsready | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | ||||
| CVE-2024-47316 | 1 Salonbookingsystem | 1 Salon Booking System | 2026-04-23 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9. | ||||
| CVE-2024-43266 | 1 Wpjobportal | 1 Wp Job Portal | 2026-04-23 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8. | ||||
| CVE-2024-43239 | 1 Masteriyo | 1 Masteriyo | 2026-04-23 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4. | ||||
| CVE-2026-30459 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-23 | 7.1 High |
| An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. | ||||
| CVE-2026-33149 | 2 Tandoor, Tandoorrecipes | 2 Recipes, Recipes | 2026-04-23 | 8.1 High |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available. | ||||