Total
35523 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2026-04-23 | 9.4 Critical |
| Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | ||||
| CVE-2024-43230 | 2 Sharedfilespro, Tammersoft | 2 Shared Files, Shared Files | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.28. | ||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. | ||||
| CVE-2024-32959 | 2 Sirv, Wordpress | 2 Sirv, Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. | ||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2026-04-23 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7. | ||||
| CVE-2024-23506 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 7.7 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. | ||||
| CVE-2024-1250 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | ||||
| CVE-2023-5963 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.1 Low |
| An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | ||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | ||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 4.8 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | ||||
| CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2026-04-23 | N/A |
| The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | ||||
| CVE-2009-1807 | 1 Baofeng | 1 Storm | 2026-04-23 | N/A |
| Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | ||||
| CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | ||||
| CVE-2009-0042 | 2 Broadcom, Ca | 19 Anti-spyware, Anti-spyware For The Enterprise, Anti-virus and 16 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. | ||||
| CVE-2008-6765 | 1 Viart | 1 Viart Shop | 2026-04-23 | N/A |
| ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter. | ||||
| CVE-2007-4826 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2026-04-23 | N/A |
| bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. | ||||
| CVE-2007-3922 | 2 Redhat, Sun | 5 Enterprise Linux, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | ||||
| CVE-2009-2942 | 2 Mysql, Mysql-ocaml | 2 Mysql, Mysql-ocaml | 2026-04-23 | N/A |
| The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | ||||
| CVE-2008-1729 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. | ||||