Export limit exceeded: 12324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45068 | 1 Mercadopago | 1 Mercado Pago Payments For Woocommerce | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | ||||
| CVE-2022-45067 | 1 Devscred | 1 Exclusive Addons For Elementor | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | ||||
| CVE-2022-44737 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2026-04-28 | 6.5 Medium |
| Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | ||||
| CVE-2022-41990 | 1 Cardozatechnologies | 1 Cardoza-3d-tag-cloud | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8. | ||||
| CVE-2022-41685 | 1 Visztpeter | 2 Integration For Szamlazz.hu \& Woocommerce, Package Points And Shipping Labels For Woocommerce | 2026-04-28 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. | ||||
| CVE-2022-40692 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | ||||
| CVE-2022-38079 | 1 Backup Scheduler Project | 1 Backup Scheduler | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | ||||
| CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | ||||
| CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. | ||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2026-04-28 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | ||||
| CVE-2025-43301 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-43409 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43452 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-28 | 4.6 Medium |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen. | ||||
| CVE-2025-43405 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 7.5 High |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43496 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2026-04-28 | 7.5 High |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | ||||
| CVE-2026-40471 | 1 Hackage-server | 1 Hackage-server | 2026-04-28 | 9.6 Critical |
| hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abused (e.g. creating new user accounts). | ||||
| CVE-2026-3565 | 2 Taqnix, Wordpress | 2 Taqnix, Wordpress | 2026-04-28 | 4.3 Medium |
| The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() function, where the check_ajax_referer() call is explicitly commented out on line 883. This makes it possible for unauthenticated attackers to trick a logged-in non-administrator user into deleting their own account via a forged request granted they can trick the user into performing an action such as clicking a link or visiting a malicious page. | ||||
| CVE-2025-24148 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks. | ||||