Export limit exceeded: 365308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53804 2 Brandtoss, Wpmailster 2 Wpmailster, Wp Mailster 2026-04-01 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
CVE-2024-53800 1 Rezgo 1 Rezgo Online Booking 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through <= 4.17.
CVE-2024-52481 1 Astoundify 2 Jobify, Jobify Job Board Wordpress Theme 2026-04-01 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal.This issue affects Jobify: from n/a through < 4.3.0.
CVE-2024-50443 1 Wpxpo 1 Postx 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.12.
CVE-2024-49626 1 Piyushmca 1 Shipyaari Shipping Management 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through <= 1.2.
CVE-2024-49625 2 Brandon Clark, Brandonclark 2 Site Builder Dynamic Components, Sitebuilder Dynamic Components 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through <= 1.0.
CVE-2024-49321 1 Colorlib 1 Simple Custom Post Order 2026-04-01 4.3 Medium
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through <= 2.5.7.
CVE-2024-49217 2 Madiri Salman Aashish, Madirisalmanaashish 2 User-drop-down-roles-in-registration, Adding Drop Down Roles In Registration 2026-04-01 9.8 Critical
Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1.
CVE-2024-24882 2 Masteriyo, Themegrill 2 Masteriyo, Masteriyo 2026-04-01 9.8 Critical
Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.
CVE-2023-6080 2 Lakeside Software, Lakesidesoftware 2 Systrack Lsiagent Installer, Systrack Lsiagent 2026-04-01 7.8 High
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.
CVE-2025-70033 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 5.4 Medium
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70032 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 6.1 Medium
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70030 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 7.5 High
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70031 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 8.8 High
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70028 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 7.5 High
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2026-5045 1 Tenda 2 Fh1201, Fh1201 Firmware 2026-04-01 8.8 High
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-33572 1 Openclaw 1 Openclaw 2026-04-01 8.4 High
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
CVE-2026-32974 1 Openclaw 1 Openclaw 2026-04-01 8.6 High
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.
CVE-2025-70029 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-01 7.5 High
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
CVE-2026-31958 1 Tornadoweb 1 Tornado 2026-04-01 7.5 High
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.