Export limit exceeded: 342045 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342045 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342045 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20995 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 5.3 Medium |
| Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | ||||
| CVE-2026-20997 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 9.8 Critical |
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | ||||
| CVE-2026-20998 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 9.8 Critical |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-20999 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 7.5 High |
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | ||||
| CVE-2026-21004 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 6.5 Medium |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2026-21005 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 6.5 Medium |
| Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | ||||
| CVE-2026-25369 | 2 Flexmls, Wordpress | 2 Flexmls Idx, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Reflected XSS.This issue affects Flexmls® IDX: from n/a through <= 3.15.9. | ||||
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11. | ||||
| CVE-2026-32586 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3. | ||||
| CVE-2025-31966 | 1 Hcltech | 1 Sametime | 2026-04-02 | 2.7 Low |
| HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server. | ||||
| CVE-2026-4366 | 1 Redhat | 7 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 4 more | 2026-04-02 | 5.8 Medium |
| A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure. | ||||
| CVE-2026-22730 | 1 Vmware | 2 Spring, Spring Ai | 2026-04-02 | 8.8 High |
| A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization. | ||||
| CVE-2026-22729 | 1 Vmware | 2 Spring, Spring Ai | 2026-04-02 | 8.6 High |
| A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics. | ||||
| CVE-2026-32565 | 2 Webberzone, Wordpress | 2 Contextual Related Posts, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2. | ||||
| CVE-2026-25449 | 2 Shinetheme, Wordpress | 2 Traveler, Wordpress | 2026-04-02 | N/A |
| Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1. | ||||
| CVE-2026-27093 | 2 Ovatheme, Wordpress | 2 Tripgo, Wordpress | 2026-04-02 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6. | ||||
| CVE-2026-27091 | 2 Uipress, Wordpress | 2 Uipress Lite, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||||
| CVE-2026-25471 | 2 Themepaste, Wordpress | 2 Admin Safety Guard, Wordpress | 2026-04-02 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.6. | ||||
| CVE-2026-25312 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||||
| CVE-2025-32223 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-02 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4. | ||||