Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22328 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions. | ||||
| CVE-2025-60229 | 2026-06-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | ||||
| CVE-2025-49403 | 2 Aa-team, Wordpress | 2 Premium Age Verification Restriction For Wordpress, Wordpress | 2026-06-17 | 7.5 High |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. | ||||
| CVE-2025-69128 | 2026-06-17 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. | ||||
| CVE-2025-69120 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | ||||
| CVE-2025-69140 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | ||||
| CVE-2026-39546 | 2 Techspawn, Wordpress | 2 Multiloca, Wordpress | 2026-06-17 | 7.6 High |
| Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. | ||||
| CVE-2025-60231 | 2026-06-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1. | ||||
| CVE-2024-32949 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2026-06-17 | 8.3 High |
| Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | ||||
| CVE-2024-33909 | 2 Avirtum, Wordpress | 2 Ipages Flipbook, Wordpress | 2026-06-17 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | ||||
| CVE-2024-35690 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2026-06-17 | 6.5 Medium |
| Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. | ||||
| CVE-2026-31456 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. An example and reproduction of this is to try reading numa_maps of a process while VFIO-PCI is setting up DMA (specifically the vfio_pin_pages_remote call) on a large BAR for that process. This will trigger a kernel BUG: vfio-pci 0000:03:00.0: enabling device (0000 -> 0002) BUG: unable to handle page fault for address: ffffa23980000000 PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI ... RIP: 0010:walk_pgd_range+0x3b5/0x7a0 Code: 8d 43 ff 48 89 44 24 28 4d 89 ce 4d 8d a7 00 00 20 00 48 8b 4c 24 28 49 81 e4 00 00 e0 ff 49 8d 44 24 ff 48 39 c8 4c 0f 43 e3 <49> f7 06 9f ff ff ff 75 3b 48 8b 44 24 20 48 8b 40 28 48 85 c0 74 RSP: 0018:ffffac23e1ecf808 EFLAGS: 00010287 RAX: 00007f44c01fffff RBX: 00007f4500000000 RCX: 00007f44ffffffff RDX: 0000000000000000 RSI: 000ffffffffff000 RDI: ffffffff93378fe0 RBP: ffffac23e1ecf918 R08: 0000000000000004 R09: ffffa23980000000 R10: 0000000000000020 R11: 0000000000000004 R12: 00007f44c0200000 R13: 00007f44c0000000 R14: ffffa23980000000 R15: 00007f44c0000000 FS: 00007fe884739580(0000) GS:ffff9b7d7a9c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffa23980000000 CR3: 000000c0650e2005 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> __walk_page_range+0x195/0x1b0 walk_page_vma+0x62/0xc0 show_numa_map+0x12b/0x3b0 seq_read_iter+0x297/0x440 seq_read+0x11d/0x140 vfs_read+0xc2/0x340 ksys_read+0x5f/0xe0 do_syscall_64+0x68/0x130 ? get_page_from_freelist+0x5c2/0x17e0 ? mas_store_prealloc+0x17e/0x360 ? vma_set_page_prot+0x4c/0xa0 ? __alloc_pages_noprof+0x14e/0x2d0 ? __mod_memcg_lruvec_state+0x8d/0x140 ? __lruvec_stat_mod_folio+0x76/0xb0 ? __folio_mod_stat+0x26/0x80 ? do_anonymous_page+0x705/0x900 ? __handle_mm_fault+0xa8d/0x1000 ? __count_memcg_events+0x53/0xf0 ? handle_mm_fault+0xa5/0x360 ? do_user_addr_fault+0x342/0x640 ? arch_exit_to_user_mode_prepare.constprop.0+0x16/0xa0 ? irqentry_exit_to_user_mode+0x24/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fe88464f47e Code: c0 e9 b6 fe ff ff 50 48 8d 3d be 07 0b 00 e8 69 01 02 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28 RSP: 002b:00007ffe6cd9a9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fe88464f47e RDX: 0000000000020000 RSI: 00007fe884543000 RDI: 0000000000000003 RBP: 00007fe884543000 R08: 00007fe884542010 R09: 0000000000000000 R10: fffffffffffffbc5 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 </TASK> Fix this by validating the PUD entry in walk_pmd_range() using a stable snapshot (pudp_get()). If the PUD is not present or is a leaf, retry the walk via ACTION_AGAIN instead of descending further. This mirrors the retry logic in walk_pte_range(), which lets walk_pmd_range() retry if the PTE is not being got by pte_offset_map_lock(). | ||||
| CVE-2025-58952 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions. | ||||
| CVE-2025-60218 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions. | ||||
| CVE-2025-69138 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Genemy <= 1.6.6 versions. | ||||
| CVE-2025-69173 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions. | ||||
| CVE-2026-40723 | 2 Bricks, Wordpress | 2 Bricks Builder, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions. | ||||
| CVE-2026-48967 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-06-17 | 8.5 High |
| Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | ||||
| CVE-2026-49071 | 2 Opmc, Wordpress | 2 Woocommerce Dropshipping, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. | ||||
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||