Search

Search Results (361839 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27060 2026-07-02 8.8 High
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
CVE-2026-39448 2026-07-02 7.5 High
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
CVE-2026-57352 2026-07-02 4.8 Medium
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.
CVE-2026-57358 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions.
CVE-2026-57426 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.
CVE-2026-57677 2026-07-02 9.8 Critical
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions.
CVE-2026-57684 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.
CVE-2026-57690 2026-07-02 4.3 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.
CVE-2026-57749 2026-07-02 7.5 High
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.
CVE-2026-32280 2 Go Standard Library, Golang 2 Crypto/x509, Go 2026-07-02 7.5 High
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
CVE-2026-57755 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Mosaic Gallery &#8211; Advanced Gallery <= 1.2.0 versions.
CVE-2026-37106 1 Dokuwiki 1 Dokuwiki 2026-07-02 9.8 Critical
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature).
CVE-2026-57762 2026-07-02 5.9 Medium
Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
CVE-2026-13835 1 Google 1 Chrome 2026-07-02 8.8 High
Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13936 1 Google 1 Chrome 2026-07-02 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-27402 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
CVE-2025-58902 2026-07-02 8.1 High
Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.
CVE-2026-57685 2026-07-02 4.3 Medium
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions.
CVE-2026-57679 2026-07-02 9.3 Critical
Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
CVE-2026-14046 1 Google 1 Chrome 2026-07-02 4.3 Medium
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)