Export limit exceeded: 361947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48700 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra 2026-06-16 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-49763 2 Crm Perks, Wordpress 2 Integration For Contact Form 7 Hubspot, Wordpress 2026-06-16 9.8 Critical
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
CVE-2025-43539 1 Apple 3 Macos, Macos Sequoia, Macos Sonoma 2026-06-16 8.8 High
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.
CVE-2026-52697 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
CVE-2026-34886 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVE-2025-69902 1 Rohitg00 1 Kubectl-mcp-server 2026-06-16 9.8 Critical
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
CVE-2025-63706 1 Afeiship 1 Next-npm-version 2026-06-16 9.8 Critical
NPM package next-npm-version1.0.1 is vulnerable to Command injection.
CVE-2025-12686 1 Synology 2 Beestation Manager, Beestation Os 2026-06-16 9.8 Critical
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2025-41275 2 Waterfall, Waterfall-security 3 Wf-500, Wf-500, Wf-500 Firmware 2026-06-16 9.8 Critical
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
CVE-2026-40781 2 Reviewx, Wordpress 2 Reviewx, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVE-2026-40782 2 Greg Winiarski, Wordpress 2 Wpadverts, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
CVE-2026-40787 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40788 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-06-16 7.1 High
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40791 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-40794 2 Mycred, Wordpress 2 Mycred, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-42386 2 Tychesoftwares, Wordpress 2 Order Delivery Date For Woocommerce, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVE-2026-42639 2 Dev4press, Wordpress 2 Gd Rating System, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2025-24252 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-16 8.8 High
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.