Export limit exceeded: 362708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57684 | 2 Tranmautritam, Wordpress | 2 Thefox, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. | ||||
| CVE-2026-57685 | 2 Drfuri, Wordpress | 2 Martfury - Woocommerce Marketplace Wordpress Theme, Wordpress | 2026-07-06 | 4.3 Medium |
| Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions. | ||||
| CVE-2026-57686 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowaddons | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions. | ||||
| CVE-2026-57688 | 2 Gurmehub, Wordpress | 2 Pos Entegratör, Wordpress | 2026-07-06 | 8.2 High |
| Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions. | ||||
| CVE-2026-57689 | 2 Fuelthemes, Wordpress | 2 Werkstatt, Wordpress | 2026-07-06 | 4.3 Medium |
| Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57690 | 2 Fuelthemes, Wordpress | 2 Werkstatt, Wordpress | 2026-07-06 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57748 | 2 Shopify Help Center, Wordpress | 2 Shopify, Wordpress | 2026-07-06 | 7.5 High |
| Contributor Local File Inclusion in Shopify <= 1.0.0 versions. | ||||
| CVE-2026-57750 | 2 Keksdieb, Wordpress | 2 Ez Form Calculator Premium, Wordpress | 2026-07-06 | 5.3 Medium |
| Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions. | ||||
| CVE-2026-57751 | 2 Heateor Support, Wordpress | 2 Heateor Social Login, Wordpress | 2026-07-06 | 8.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | ||||
| CVE-2026-57753 | 2 Nathanbarry, Wordpress | 2 Kit (formerly Convertkit) For Woocommerce, Wordpress | 2026-07-06 | 5.3 Medium |
| Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions. | ||||
| CVE-2026-57755 | 2 Misbah Wp, Wordpress | 2 Mosaic Gallery – Advanced Gallery, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. | ||||
| CVE-2026-57756 | 2 Wordpress, 友人a丶 | 2 Wordpress, Nicen-localize-image | 2026-07-06 | 8.5 High |
| Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. | ||||
| CVE-2026-57757 | 2 Ploudapp, Wordpress | 2 Pcloud Wp Backup, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. | ||||
| CVE-2026-57761 | 2 Blueastralthemes, Wordpress | 2 Seowp, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | ||||
| CVE-2026-57762 | 2 Andrew Fiebert, Wordpress | 2 Simple Urls, Wordpress | 2026-07-06 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. | ||||
| CVE-2026-57763 | 2 Gordon Böhme, Wordpress | 2 Structured Content, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. | ||||
| CVE-2026-57764 | 2 Surbma, Wordpress | 2 Surbma | Yoast Seo Breadcrumb Shortcode, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. | ||||
| CVE-2026-57760 | 2 Sendcloud, Wordpress | 2 Sendcloud Shipping, Wordpress | 2026-07-06 | 5.3 Medium |
| Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29. | ||||
| CVE-2026-58652 | 1 Openwrt | 2 Luci-app-travelmate, Travelmate | 2026-07-06 | 7.5 High |
| luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to /etc/travelmate/*.login, this is only a frontend restriction. The backend travelmate service (running as root) reads the raw UCI 'script' and 'script_args' values and executes the configured path when the captive-portal auto-login branch (f_check() in travelmate-functions.sh) is reached. An attacker with delegated write permissions can set script to /bin/sh and script_args to attacker-controlled arguments, resulting in arbitrary command execution as root. Confirmed in luci-app-travelmate/travelmate 2.4.5-r3; the sink is still present in travelmate 2.4.6-1 and no patched version is known. | ||||
| CVE-2026-58455 | 1 Notifiarr | 1 Dockwatch | 2026-07-06 | 9.8 Critical |
| Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject arbitrary commands via the composePath POST parameter in the composePull action to achieve full host compromise, facilitated by the standard deployment mounting of the Docker socket. | ||||