Search Results (356918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32122 | 1 Fortinet | 1 Fortios | 2026-06-09 | 2.1 Low |
| Storage of passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to cause information disclosure via modification of the LDAP server IP to point to a malicious server. | ||||
| CVE-2026-41973 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5.9 Medium |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-46315 | 1 Linux | 1 Linux Kernel | 2026-06-09 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it does not initialize info itself. If the wait operation completes without reporting a child event, the common wait code can return without writing wo_info. In that case io_waitid_finish() still copies iw->info to userspace, exposing stale bytes from the reused io_kiocb command storage. Clear the result storage during prep so the io_uring path matches the regular waitid syscall, which uses a zero-initialized struct waitid_info. | ||||
| CVE-2026-41984 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.2 Medium |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2026-11053 | 1 Chromium | 1 Browser | 2026-06-09 | 6.5 Medium |
| A flaw was found in the WebRTC component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=498841456 | ||||
| CVE-2026-11099 | 1 Chromium | 1 Chromium | 2026-06-09 | 6.5 Medium |
| A flaw was found in the Skia component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=500414865 | ||||
| CVE-2026-41986 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 2.4 Low |
| Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41977 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5 Medium |
| DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41981 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.3 Medium |
| Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-36789 | 1 Tenda | 1 Ac1206 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-36786 | 1 Tenda | 1 Fh451 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2021-47983 | 2 Mra13, Wordpress | 2 Accept Stripe Payments, Wordpress | 2026-06-09 | 6.4 Medium |
| WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed. | ||||
| CVE-2021-47984 | 2 Wordpress, Wp24 | 2 Wordpress, Wp24 Domain Check | 2026-06-09 | 6.4 Medium |
| WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page. | ||||
| CVE-2022-50953 | 2 Brooks24, Wordpress | 2 Admin-word-count-column, Wordpress | 2026-06-09 | 6.2 Medium |
| WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration. | ||||
| CVE-2023-54351 | 2 Sonaar, Wordpress | 2 Sonaar Music Plugin, Wordpress | 2026-06-09 | 7.2 High |
| WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages. | ||||
| CVE-2023-54352 | 2 Wordpress, Wp Travel Kit | 2 Wordpress, Travelscape | 2026-06-09 | 9.8 Critical |
| WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. | ||||
| CVE-2024-58348 | 2 Background-image-cropper, Wordpress | 2 Background Image Cropper, Wordpress | 2026-06-09 | 9.8 Critical |
| WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. | ||||
| CVE-2024-58349 | 2 Wordpress, Wp Travel Kit | 2 Wordpress, Travelscape | 2026-06-09 | 9.8 Critical |
| WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. | ||||
| CVE-2026-11491 | 2 Codeastro, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2026-06-09 | 2.4 Low |
| A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input `<svg onload="alert('Stored XSS Triggered by Ashik Mohamed')">` as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-5119 | 2 Gnome, Redhat | 9 Libsoup, Enterprise Linux, Enterprise Linux Eus and 6 more | 2026-06-09 | 5.9 Medium |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | ||||