Search Results (363135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7101 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
CVE-2008-7102 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
CVE-2013-4649 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
CVE-2004-2324 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.
CVE-2008-6541 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
CVE-2026-26169 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-24 6.1 Medium
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-26170 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-24 7.8 High
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26172 1 Microsoft 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more 2026-04-24 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26173 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-24 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32605 1 Nimiq 2 Core-rs-albatross, Nimiq Proof-of-stake 2026-04-24 7.5 High
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators(). ProposalSender::send uses > instead of >= for the signer bounds check, so the equality case passes and reaches validators.get_validator_by_slot_band(signer), which panics with an out-of-bounds index before any signature verification runs. This issue has been fixed in version 1.3.0.
CVE-2026-40093 1 Nimiq 2 Core-rs-albatross, Nimiq Proof-of-stake 2026-04-24 8.1 High
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.
CVE-2026-34069 1 Nimiq 2 Core-rs-albatross, Nimiq Proof-of-stake 2026-04-24 5.3 Medium
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
CVE-2026-23799 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.
CVE-2026-27344 2 Inseriswiss, Wordpress 2 Inseri Core, Wordpress 2026-04-24 5.9 Medium
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5.
CVE-2026-27348 2 Themegoods, Wordpress 2 Photography, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through < 7.7.6.
CVE-2026-27358 2 Themegoods, Wordpress 2 Architecturer, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through < 3.9.5.
CVE-2026-27386 2 Designthemes, Wordpress 2 Designthemes Directory Addon, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8.
CVE-2026-28038 2 Brainstormforce, Wordpress 2 Ultimate Addons For Wpbakery Page Builder, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through <= 3.21.1.
CVE-2026-22495 2 Ancorathemes, Wordpress 2 Greenville, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through <= 1.3.2.
CVE-2026-25379 2 Jwsthemes, Wordpress 2 Streamvid, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through < 6.8.6.