Search Results (353263 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42728 | | | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS. This issue affects HT Contact Form 7: from n/a through <= 2.8.2. | ||||
| CVE-2026-42735 | | | 2026-05-27 | 8.2 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation. This issue affects KiviCare: from n/a through <= 4.3.0. | ||||
| CVE-2026-42744 | | | 2026-05-27 | 6.5 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields. This issue affects Ads by WPQuads: from n/a through <= 3.0.2. | ||||
| CVE-2026-42747 | | | 2026-05-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through <= 4.0.6. | ||||
| CVE-2026-42749 | | | 2026-05-27 | 7.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation. This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0. | ||||
| CVE-2026-42750 | | | 2026-05-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS. This issue affects WPComplete: from n/a through <= 2.9.5.4. | ||||
| CVE-2026-42751 | | | 2026-05-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS. This issue affects Booking Manager: from n/a through <= 2.1.18. | ||||
| CVE-2026-42757 | | | 2026-05-27 | 9.9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal. This issue affects WebinarIgnition: from n/a through < 4.08.253. | ||||
| CVE-2026-42759 | | | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS. This issue affects Affiliate Super Assistent: from n/a through <= 1.10.1. | ||||
| CVE-2026-42758 | | | 2026-05-27 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through < 4.08.253. | ||||
| CVE-2026-2288 | | | 2026-05-27 | 4.8 Medium |
| The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2026-42762 | | | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9. | ||||
| CVE-2026-3896 | 2 Livemesh, Wordpress | 2 Livemesh Siteorigin Widgets, Wordpress | 2026-05-27 | 6.4 Medium |
| The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lsow_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not check user capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to modify plugin settings and inject malicious scripts that execute when administrators access the plugin settings page or when any user visits the frontend. | ||||
| CVE-2026-48877 | | | 2026-05-27 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0. | ||||
| CVE-2026-4051 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-05-27 | 7.2 High |
| IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted. | ||||
| CVE-2026-9574 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-27 | 7.3 High |
| A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-27331 | 2 Magepeople, Wordpress | 2 Wptravelly, Wordpress | 2026-05-27 | 6.3 Medium |
| Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | ||||
| CVE-2026-25444 | 2 Magepeopleteam, Wordpress | 2 Wpbookingly, Wordpress | 2026-05-27 | 4.3 Medium |
| Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | ||||
| CVE-2026-24520 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2026-05-27 | 4.3 Medium |
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24. | ||||
| CVE-2026-25426 | 2 Magepeople, Wordpress | 2 Taxi Booking Manager For Woocommerce, Wordpress | 2026-05-27 | 5.3 Medium |
| Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1. | ||||