Search
Search Results (361694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69133 | 2 Goodlayers, Wordpress | 2 Tour Master, Wordpress | 2026-07-02 | 7.5 High |
| Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. | ||||
| CVE-2025-69156 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. | ||||
| CVE-2026-27414 | 2026-07-02 | 8.8 High | ||
| Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions. | ||||
| CVE-2026-27436 | 2026-07-02 | 9.1 Critical | ||
| Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions. | ||||
| CVE-2026-57344 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions. | ||||
| CVE-2026-57351 | 2 Haktansuren, Wordpress | 2 Handl Utm Grabber, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions. | ||||
| CVE-2026-57357 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. | ||||
| CVE-2026-57366 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 2.3.1 versions. | ||||
| CVE-2026-57669 | 2026-07-02 | 6.5 Medium | ||
| Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. | ||||
| CVE-2026-57675 | 2 Jacob N. Breetvelt, Wordpress | 2 Wp Photo Album Plus, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. | ||||
| CVE-2026-57683 | 2026-07-02 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | ||||
| CVE-2026-57689 | 2026-07-02 | 4.3 Medium | ||
| Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57748 | 2026-07-02 | 7.5 High | ||
| Contributor Local File Inclusion in Shopify <= 1.0.0 versions. | ||||
| CVE-2026-57754 | 2026-07-02 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions. | ||||
| CVE-2026-57761 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | ||||
| CVE-2026-56037 | 2026-07-02 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3. | ||||
| CVE-2026-54404 | 2026-07-02 | 8.8 High | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-55110 | 2026-07-02 | 7.5 High | ||
| A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. | ||||
| CVE-2026-50746 | 2026-07-02 | 10 Critical | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device. | ||||
| CVE-2026-50747 | 2026-07-02 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. | ||||