ReportizFlow
Filtered by vendor
Subscriptions
Total
6303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31380 | 1 Soflyy | 1 Oxygen | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9. | ||||
| CVE-2024-31266 | 1 Algolplus | 1 Advanced Order Export | 2026-04-28 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | ||||
| CVE-2024-25096 | 1 Canto | 1 Canto | 2026-04-28 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | ||||
| CVE-2024-24707 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | ||||
| CVE-2024-22144 | 2026-04-28 | 9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. | ||||
| CVE-2023-51420 | 1 Soft8soft | 1 Verge3d | 2026-04-28 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | ||||
| CVE-2023-49830 | 1 Brainstormforce | 1 Astra | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1. | ||||
| CVE-2023-47840 | 1 Qodeinteractive | 1 Qode Essential Addons | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | ||||
| CVE-2023-46623 | 1 Wpvnteam | 1 Wp Extra | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. | ||||
| CVE-2023-45751 | 1 Posimyth | 1 Nexter Extension | 2026-04-28 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. | ||||
| CVE-2023-40606 | 1 Kanbanwp | 1 Kanban Boards For Wordpress | 2026-04-28 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | ||||
| CVE-2023-39157 | 1 Crocoblock | 1 Jetelements | 2026-04-28 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | ||||
| CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | ||||
| CVE-2023-25054 | 1 Carrcommunications | 1 Rsvpmaker | 2026-04-28 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
| CVE-2023-22677 | 1 Binarystash | 1 Wp Booklet | 2026-04-28 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8. | ||||
| CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2026-04-28 | 9.1 Critical |
| Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||
| CVE-2026-27760 | 1 Opencats | 1 Opencats | 2026-04-28 | 8.1 High |
| OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete. | ||||
| CVE-2026-7281 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-28 | 2.4 Low |
| A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-7191 | 1 Aws | 1 Qnabot On Aws | 2026-04-28 | 7.2 High |
| Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above. | ||||
| CVE-2024-25918 | 1 Instawp | 1 Instawp Connect | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||||