Export limit exceeded: 363519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60248 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-04-15 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through <= 3.1.3.
CVE-2025-62012 3 Codexthemes, Elementor, Wordpress 3 Thegem, Elementor, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.
CVE-2025-61672 1 Element-hq 1 Synapse 2026-04-15 5.4 Medium
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
CVE-2025-62010 1 Wordpress 1 Wordpress 2026-04-15 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Famita famita allows PHP Local File Inclusion.This issue affects Famita: from n/a through <= 1.54.
CVE-2025-62030 2 Tagdiv, Wordpress 2 Composer, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.
CVE-2025-62036 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
CVE-2025-62039 2 Ays-pro, Wordpress 2 Ai Chatbot With Chatgpt, Wordpress 2026-04-15 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6.
CVE-2025-62044 2 Codexthemes, Wordpress 2 Thegem, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1.
CVE-2025-62057 2 Favethemes, Wordpress 2 Houzez, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.
CVE-2025-62064 2 Elated-themes, Wordpress 2 Search And Go Directory, Wordpress 2026-04-15 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.
CVE-2025-62074 2 Amauri, Wordpress 2 Wpmobile.app, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.71.
CVE-2025-62076 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.
CVE-2025-6327 2 Kingaddons, Wordpress 2 King Addons For Elementor, Wordpress 2026-04-15 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
CVE-2025-64173 1 Apollographql 1 Apollo-router 2026-04-15 7.5 High
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields while ignoring directives on their implementing object types/fields when all implementations had the same requirements. Apollo Router customers defining @authenticated, @requiresScopes, or @policy directives inconsistently on polymorphic types (i.e., object types that implement interface types) are impacted. This issue is fixed in versions 1.61.12 and 2.8.1.
CVE-2025-64232 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through <= 3.1.17.
CVE-2025-8505 1 495300897 1 Wx-shop 2026-04-15 4.3 Medium
A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVE-2025-8506 1 495300897 1 Wx-shop 2026-04-15 3.5 Low
A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVE-2025-9338 1 Asus 1 Armoury Crate 2026-04-15 N/A
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.
CVE-2025-9970 1 Abb 1 Mconfig 2026-04-15 7.4 High
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
CVE-2025-60639 2026-04-15 6.5 Medium
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).