Search Results (360021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-48889 | 2 Tms, Wordpress | 2 Amelia, Wordpress | 2026-06-23 | 8.8 High | Subscriber Privilege Escalation in Amelia <= 2.3 versions. |
| CVE-2026-48966 | 2 Funnelkit, Wordpress | 2 Funnel Builder By Funnelkit, Wordpress | 2026-06-23 | 7.1 High | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. |
| CVE-2026-49063 | 2 Webilia Inc., Wordpress | 2 Listdom, Wordpress | 2026-06-23 | 7.3 High | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. |
| CVE-2026-49066 | 2 Conekta Group, Wordpress | 2 Conekta Payment Gateway, Wordpress | 2026-06-23 | 7.5 High | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. |
| CVE-2026-49067 | 2 Wordpress, Yydevelopment | 2 Wordpress, Advanced 301 And 302 Redirect | 2026-06-23 | 9.3 Critical | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. |
| CVE-2026-49070 | 2 Knit Pay, Wordpress | 2 Knit Pay, Wordpress | 2026-06-23 | 7.5 High | Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. |
| CVE-2026-49082 | 2 Chatway Live Chat, Wordpress | 2 Chatway Live Chat – Ai Chatbot, Customer Support, Faq & Helpdesk Customer Service & Chat Buttons, Wordpress | 2026-06-23 | 7.4 High | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. |
| CVE-2026-49780 | 2 Dokan, Inc., Wordpress | 2 Dokan, Wordpress | 2026-06-23 | 8.8 High | Customer Privilege Escalation in Dokan <= 5.0.2 versions. |
| CVE-2026-52692 | 2 Wordpress, Wp.insider | 2 Wordpress, Affiliates Manager | 2026-06-23 | 7.5 High | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. |
| CVE-2026-52694 | 2 Wordpress, Wp E-signature | 2 Wordpress, Signature Add-on For Woocommerce | 2026-06-23 | 7.5 High | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. |
| CVE-2026-52695 | 2 Al Monsor, Wordpress | 2 Abc Crypto Checkout, Wordpress | 2026-06-23 | 7.5 High | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. |
| CVE-2026-52700 | 2 Wcmultishipping – Mondial Relay & Chronopost For Wooommerce, Wordpress | 2 Wcmultishipping, Wordpress | 2026-06-23 | 8.5 High | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. |
| CVE-2026-52702 | 2 Wordpress, Wp-buy | 2 Wordpress, Seo Redirection | 2026-06-23 | 7.1 High | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. |
| CVE-2026-48157 | 1 Slimphp | 1 Slim | 2026-06-23 | 6.1 Medium | Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to include untrusted/request-derived data in the error title or description (e.g. "No products found matching '{$query}'."), an attacker could inject arbitrary HTML/JavaScript that executes in the victim's browser when they encounter an HTML error page generated by Slim. The vulnerability is present even with displayErrorDetails = false as the unescaped title and description are rendered on this error path. Built-in exceptions (HttpNotFoundException, HttpBadRequestException, etc.) ship plain-text defaults, so a vanilla Slim app with no user code is not exploitable. Only applications that feed untrusted data into setTitle() and/or setDescription() are affected. The issue has been fixed in 4.15.2. If developers are unable to immediately update their applications, they can work around this issue by avoiding passing untrusted/request-derived data into HttpException::setTitle() and setDescription() and using static, plain-text error copy instead. They should also register a custom error renderer (an ErrorRendererInterface implementation, or a subclass of HtmlErrorRenderer that escapes the title and description) for the HTML media type. |
| CVE-2026-12087 | 1 Pevans | 1 Socket | 2026-06-23 | 9.1 Critical | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure. |
| CVE-2026-11832 | 1 Biafra | 1 Dancer2::plugin::auth::oauth | 2026-06-23 | 9.1 Critical | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable. |
| CVE-2026-5064 | 2 Hp, Hp Inc. | 2 One Agent Software, Hp One Agent Software | 2026-06-23 | N/A | Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities. |
| CVE-2026-48723 | 1 Browserstack | 1 Browserstack-cypress-cli | 2026-06-23 | 7.8 High | The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6. |
| CVE-2026-42014 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-23 | 6.6 Medium | A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path. |
| CVE-2026-10780 | 2 Mohammadtanzilurrahman, Wordpress | 2 Static Block, Wordpress | 2026-06-23 | 4.3 Medium | The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content() shortcode handler retrieving a post via get_post() using an attacker-supplied 'id' attribute and outputting its post_content without verifying the post's status (private, draft, pending) or the requesting user's capability to view it. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary posts, including private and draft static blocks (and any other post type) created by administrators, by embedding the [static_block_content id="X"] shortcode in their own content and previewing it. |