Export limit exceeded: 342738 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342738 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27348 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-07 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography allows DOM-Based XSS.This issue affects Photography: from n/a before 7.7.6. | ||||
| CVE-2026-27043 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-07 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6. | ||||
| CVE-2025-69303 | 2 Modeltheme, Wordpress | 2 Modeltheme Framework, Wordpress | 2026-04-07 | 7.5 High |
| Missing Authorization vulnerability in ModelTheme ModelTheme Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a before 2.0.0. | ||||
| CVE-2026-31353 | 1 Feehi | 1 Feehi Cms | 2026-04-07 | N/A |
| An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | ||||
| CVE-2025-61166 | 1 Ascertia | 1 Signinghub User | 2026-04-07 | 6.1 Medium |
| An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | ||||
| CVE-2026-30613 | 1 Aziot | 1 Node Smart Switch | 2026-04-07 | N/A |
| An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication. | ||||
| CVE-2025-54328 | 1 Samsung | 1 Exynos | 2026-04-07 | 10 Critical |
| An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages. | ||||
| CVE-2025-54601 | 1 Samsung | 1 Exynos | 2026-04-07 | N/A |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads. | ||||
| CVE-2025-54602 | 1 Samsung | 1 Exynos | 2026-04-07 | 7 High |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads. | ||||
| CVE-2025-57834 | 1 Samsung | 1 Exynos | 2026-04-07 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input validation leads to a Denial of Service. | ||||
| CVE-2025-54324 | 1 Samsung | 1 Exynos | 2026-04-07 | N/A |
| An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service. | ||||
| CVE-2025-57835 | 1 Samsung | 1 Exynos | 2026-04-07 | N/A |
| An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message. | ||||
| CVE-2025-58349 | 1 Samsung | 1 Exynos | 2026-04-07 | N/A |
| An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes. | ||||
| CVE-2025-59440 | 1 Samsung | 1 Exynos | 2026-04-07 | N/A |
| An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service. | ||||
| CVE-2026-5666 | 1 Code-projects | 1 Online Fir System | 2026-04-07 | 5.3 Medium |
| A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-34588 | 1 Academysoftwarefoundation | 1 Openexr | 2026-04-07 | 8.8 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9. | ||||
| CVE-2026-34589 | 1 Academysoftwarefoundation | 1 Openexr | 2026-04-07 | 8.8 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9. | ||||
| CVE-2025-47389 | 1 Qualcomm | 1 Snapdragon | 2026-04-07 | 7.8 High |
| Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | ||||
| CVE-2025-47390 | 1 Qualcomm | 1 Snapdragon | 2026-04-07 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||
| CVE-2025-47391 | 1 Qualcomm | 1 Snapdragon | 2026-04-07 | 7.8 High |
| Memory corruption while processing a frame request from user. | ||||