Export limit exceeded: 352599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352599 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45659 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-05-26 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-41104 | 1 Microsoft | 1 Planetary Computer Pro | 2026-05-26 | 10 Critical |
| Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23663 | 1 Microsoft | 1 Global Secure Access | 2026-05-26 | 7.5 High |
| Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24597 | 2 Wordpress, Wpdevart | 2 Wordpress, Organization Chart | 2026-05-26 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | ||||
| CVE-2026-24574 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2026-05-26 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0. | ||||
| CVE-2026-27357 | 2 Cornelraiu, Wordpress | 2 Wp Search Analytics, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0. | ||||
| CVE-2026-48837 | 2 Unlimited-elements, Wordpress | 2 Unlimited Elements For Elementor, Wordpress | 2026-05-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8. | ||||
| CVE-2026-24937 | 2026-05-26 | 7.2 High | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3. | ||||
| CVE-2026-45438 | 2 Webtoffee, Wordpress | 2 Smart Coupons For Woocommerce, Wordpress | 2026-05-26 | 7.5 High |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0. | ||||
| CVE-2026-45217 | 2026-05-26 | 6.5 Medium | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7. | ||||
| CVE-2026-45216 | 2 Storeapps, Wordpress | 2 Smart Manager, Wordpress | 2026-05-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. | ||||
| CVE-2026-42776 | 2026-05-26 | 6.3 Medium | ||
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7. | ||||
| CVE-2026-42773 | 2026-05-26 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2. | ||||
| CVE-2026-8046 | 1 Codesys | 32 Codesys Control For Beaglebone Sl, Codesys Control For Empc A Imx6 Sl, Codesys Control For Iot2000 Sl and 29 more | 2026-05-26 | 8.1 High |
| The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | ||||
| CVE-2026-8047 | 1 Codesys | 16 Codesys Control For Beaglebone Sl, Codesys Control For Empc A Imx6 Sl, Codesys Control For Iot2000 Sl and 13 more | 2026-05-26 | 7.5 High |
| The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device. | ||||
| CVE-2026-39655 | 2026-05-26 | 5.3 Medium | ||
| Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7. | ||||
| CVE-2025-68648 | 1 Fortinet | 6 Fortianalyzer, Fortianalyzer Cloud, Fortianalyzercloud and 3 more | 2026-05-26 | 6.5 Medium |
| A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14 may allow an attacker to escalate its privileges via specially crafted requests. | ||||
| CVE-2026-4887 | 3 Gimp, Gnome, Redhat | 7 Gimp, Gimp, Enterprise Linux and 4 more | 2026-05-26 | 6.1 Medium |
| A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS). | ||||
| CVE-2026-44468 | 1 Codesys | 2 Codesys Development System, Development System | 2026-05-26 | 7.8 High |
| The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components. | ||||
| CVE-2026-34002 | 2 Redhat, X.org | 6 Enterprise Linux, Enterprise Linux Eus, Rhel E4s and 3 more | 2026-05-26 | 6.1 Medium |
| A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service. | ||||