Export limit exceeded: 365265 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365265 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3479 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.
CVE-2024-34793 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through 1.8.3.
CVE-2024-34797 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5.
CVE-2024-34798 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool.This issue affects Debug Log – Manger Tool: from n/a through 1.4.5.
CVE-2024-34803 1 Fastly 1 Fastly 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
CVE-2024-34804 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.
CVE-2024-34805 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.
CVE-2024-34808 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.
CVE-2024-3482 2026-04-15 8.7 High
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
CVE-2024-34820 2026-04-15 6.5 Medium
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.
CVE-2024-33644 1 Wpcustomify 1 Customify Site Library 2026-04-15 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.
CVE-2024-33647 2026-04-15 6.5 Medium
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
CVE-2024-33665 2026-04-15 6.1 Medium
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
CVE-2024-32258 1 Tasemulators 1 Fceux 2026-04-15 8.8 High
The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.
CVE-2024-32268 2026-04-15 3.3 Low
An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.
CVE-2024-32269 1 Yonganda 1 Yad-loj Firmware 2026-04-15 7.5 High
An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet.
CVE-2024-3230 2 Dfactory, Wordpress 2 Download Attachments, Wordpress 2026-04-15 6.4 Medium
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-32323 2026-04-15 8.1 High
SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class.
CVE-2024-3233 2026-04-15 4.3 Medium
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.
CVE-2024-3235 2026-04-15 5.3 Medium
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information.