Export limit exceeded: 358242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 358242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358242 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39481 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-06-16 | 7.2 High |
| Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions. | ||||
| CVE-2026-39491 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions. | ||||
| CVE-2026-39499 | 2 Wombat Plugins, Wordpress | 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress | 2026-06-16 | 7.2 High |
| Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions. | ||||
| CVE-2026-39503 | 2 Awesomemotive, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | ||||
| CVE-2025-24200 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-16 | 6.1 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2025-29635 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-06-16 | 7.2 High |
| A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. | ||||
| CVE-2026-39512 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | ||||
| CVE-2026-49105 | 2 Crmperks, Wordpress | 2 Wp Zendesk For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | ||||
| CVE-2026-52693 | 2 Implecode, Wordpress | 2 Ecommerce Product Catalog, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | ||||
| CVE-2025-31200 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 9.8 Critical |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1. | ||||
| CVE-2025-24132 | 1 Apple | 3 Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug-in | 2026-06-16 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination. | ||||
| CVE-2025-55650 | 1 Gpac | 1 Mp4box | 2026-06-16 | 5.5 Medium |
| A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55661 | 1 Gpac | 1 Mp4box | 2026-06-16 | 5.5 Medium |
| A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2026-40767 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | ||||
| CVE-2026-48965 | 2 Watchful, Wordpress | 2 Xcloner, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. | ||||
| CVE-2025-24104 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-16 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-24118 | 1 Apple | 2 Ipados, Macos | 2026-06-16 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24160 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2025-24131 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service. | ||||
| CVE-2026-49764 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | ||||