Export limit exceeded: 359891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15659 | 2026-06-15 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. | ||||
| CVE-2026-12201 | 1 Iobit | 1 Malware Fighter | 2026-06-15 | 5.3 Medium |
| A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12220 | 1 Yealink | 1 Sip-t46u | 2026-06-15 | 8 High |
| A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12208 | 1 Jsonata-js | 1 Jsonata | 2026-06-15 | 5.3 Medium |
| A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-49766 | 2026-06-15 | 9.9 Critical | ||
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49109 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-48878 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | ||||
| CVE-2026-48868 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions. | ||||
| CVE-2026-45441 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | ||||
| CVE-2026-42381 | 2026-06-15 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions. | ||||
| CVE-2026-42378 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. | ||||
| CVE-2026-40796 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. | ||||
| CVE-2026-40776 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||||
| CVE-2026-40775 | 2026-06-15 | 7.3 High | ||
| Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||||
| CVE-2026-40773 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | ||||
| CVE-2026-40772 | 2026-06-15 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | ||||
| CVE-2026-40741 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-39591 | 2026-06-15 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | ||||
| CVE-2026-42909 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-06-15 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-39507 | 2026-06-15 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||