Export limit exceeded: 358273 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (358273 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10727 1 Ivanti 1 Endpoint Manager Mobile 2026-06-16 7.2 High
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root
CVE-2026-35273 1 Oracle 1 Peoplesoft Enterprise Peopletools 2026-06-16 9.8 Critical
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2026-40809 2026-06-16 6.5 Medium
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.
CVE-2026-49772 2026-06-16 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2.
CVE-2026-54190 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
CVE-2026-52715 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-39574 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
CVE-2025-68045 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
CVE-2026-24061 2 Debian, Gnu 2 Debian Linux, Inetutils 2026-06-16 9.8 Critical
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-39472 2 Wordpress, Wpovernight 2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips 2026-06-16 7.2 High
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
CVE-2026-40762 2 Wordpress, Wpgraphql 2 Wordpress, Wpgraphql 2026-06-16 7.5 High
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
CVE-2026-40790 2 Veronalabs, Wordpress 2 Wp Sms, Wordpress 2026-06-16 6.5 Medium
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
CVE-2026-42651 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.3 Medium
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVE-2026-24858 2 Fortinet, Siemens 8 Fortianalyzer, Fortimanager, Fortinac-f and 5 more 2026-06-16 9.4 Critical
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
CVE-2026-24788 1 Raspap 1 Raspap-webgui 2026-06-16 N/A
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
CVE-2026-48882 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
CVE-2026-49056 2 Webtoffee, Wordpress 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVE-2026-49068 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.5 High
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49083 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-06-16 7.5 High
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2026-22550 1 Elecom 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more 2026-06-16 8.8 High
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.