Export limit exceeded: 365600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365600 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12906 2026-07-16 N/A
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.
CVE-2026-55039 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 7.8 High
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-12684 2026-07-16 N/A
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.
CVE-2026-12585 2026-07-16 N/A
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is enabled.
CVE-2026-12525 2026-07-16 N/A
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.
CVE-2026-61440 2 Mervinpraison, Praison 2 Praisonai, Praisonai 2026-07-16 6.5 Medium
PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to alter shared label taxonomy and manipulate issue-label associations without owner or admin authorization.
CVE-2026-15809 1 Redhat 2 Confidential Compute Attestation, Openshift 2026-07-16 7.8 High
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVE-2026-15458 2 Cleverplugins, Wordpress 2 Seo Booster, Wordpress 2026-07-16 4.9 Medium
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-50675 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-53366 1 Linux 1 Linux Kernel 2026-07-16 N/A
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(), when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap, but the fraggap bytes carried over from the previous skb are copied into the new skb's linear area at offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic.
CVE-2026-15336 2 Catchplugins, Wordpress 2 Catch Themes Demo Import, Wordpress 2026-07-16 4.3 Medium
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catch_themes_demo_import_activate_plugin() function, hooked on admin_init when the activate_plugin GET parameter is present, calling Plugin_Upgrader::install() to download and install a plugin from WordPress.org before performing the current_user_can('activate_plugins') capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to install the hardcoded 'essential-content-types' plugin from the WordPress.
CVE-2026-54988 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 6.1 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55124 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-16 5.5 Medium
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55051 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-55138 1 Microsoft 10 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 7 more 2026-07-16 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-54124 1 Microsoft 8 Terminal, Windows 10 21h2, Windows 10 22h2 and 5 more 2026-07-16 7.8 High
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
CVE-2026-48335 2026-07-16 7.8 High
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48321 2026-07-16 9.3 Critical
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-13385 1 Asus 1 Router 2026-07-16 N/A
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the '  Security Update for ASUS Router Firmware  ' section on the ASUS Security Advisory for more information.
CVE-2026-13042 2026-07-16 7.2 High
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress's save-time kses sanitization does not mitigate this issue because the crafted payload uses only kses-allowed tags and attributes (such as an <a> element with title and href), and the dangerous attribute-breaking HTML is synthesized entirely at render time by the plugin's own comment_text filter.