Export limit exceeded: 345229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31118 | 2 Smartypantsplugins, Wordpress | 2 Sp Project & Document Manager, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70. | ||||
| CVE-2024-31121 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions. | ||||
| CVE-2024-31122 | 2026-04-15 | 5.8 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS.This issue affects User Rights Access Manager: from n/a through 1.1.2. | ||||
| CVE-2024-31123 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS.This issue affects SpiderFAQ: from n/a through 1.3.2. | ||||
| CVE-2024-31127 | 1 Zscaler | 1 Client Connector | 2026-04-15 | 7.3 High |
| An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | ||||
| CVE-2024-31155 | 1 Intel | 1 Processors | 2026-04-15 | 7.5 High |
| Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-31157 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-31158 | 1 Intel | 1 Server Board S2600bp Firmware | 2026-04-15 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-31354 | 1 Tribulant | 1 Slideshow Gallery | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | ||||
| CVE-2024-31162 | 1 Asus | 1 Download Master | 2026-04-15 | 7.2 High |
| The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | ||||
| CVE-2024-31163 | 1 Asus | 1 Download Master | 2026-04-15 | 7.2 High |
| ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | ||||
| CVE-2024-31209 | 2026-04-15 | 5.3 Medium | ||
| oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s)`3.1.2` & `3.2.0-beta.3`. | ||||
| CVE-2024-31206 | 2026-04-15 | 8.2 High | ||
| dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. | ||||
| CVE-2024-31234 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2. | ||||
| CVE-2024-31219 | 1 Discourse | 2 Discourse, Discourse Reactions | 2026-04-15 | 4.3 Medium |
| Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint. | ||||
| CVE-2024-3122 | 2026-04-15 | 4.9 Medium | ||
| CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. | ||||
| CVE-2024-31235 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | ||||
| CVE-2024-31229 | 1 Really-simple-plugins | 1 Complianz | 2026-04-15 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3. | ||||
| CVE-2024-3123 | 2026-04-15 | 7.2 High | ||
| CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands. | ||||
| CVE-2024-31231 | 2 Sizam Design, Wordpress | 2 Rehub, Wordpress | 2026-04-15 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | ||||