Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55599 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortisase | 2026-06-09 | 4.9 Medium |
| An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices. | ||||
| CVE-2024-52963 | 1 Fortinet | 2 Fortios, Fortipam | 2026-06-09 | 3.5 Low |
| A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. | ||||
| CVE-2024-50562 | 1 Fortinet | 3 Fortios, Fortipam, Fortisase | 2026-06-09 | 4.4 Medium |
| An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. | ||||
| CVE-2024-32122 | 1 Fortinet | 1 Fortios | 2026-06-09 | 2.1 Low |
| A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. | ||||
| CVE-2026-41973 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5.9 Medium |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41984 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.2 Medium |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2026-11053 | 1 Chromium | 1 Browser | 2026-06-09 | 6.5 Medium |
| A vulnerability flaw was found in the WebRTC component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=498841456 | ||||
| CVE-2026-11099 | 1 Chromium | 1 Chromium | 2026-06-09 | 6.5 Medium |
| A vulnerability flaw was found in the Skia component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=500414865 | ||||
| CVE-2026-41986 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 2.4 Low |
| Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41977 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5 Medium |
| DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41981 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.3 Medium |
| Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-36789 | 1 Tenda | 1 Ac1206 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-36786 | 1 Tenda | 1 Fh451 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2021-47983 | 2 Mra13, Wordpress | 2 Accept Stripe Payments, Wordpress | 2026-06-09 | 6.4 Medium |
| WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed. | ||||
| CVE-2021-47984 | 2 Wordpress, Wp24 | 2 Wordpress, Wp24 Domain Check | 2026-06-09 | 6.4 Medium |
| WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page. | ||||
| CVE-2022-50953 | 2 Brooks24, Wordpress | 2 Admin-word-count-column, Wordpress | 2026-06-09 | 6.2 Medium |
| WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration. | ||||
| CVE-2023-54351 | 2 Sonaar, Wordpress | 2 Sonaar Music Plugin, Wordpress | 2026-06-09 | 7.2 High |
| WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages. | ||||
| CVE-2023-54352 | 2 Wordpress, Wp Travel Kit | 2 Wordpress, Travelscape | 2026-06-09 | 9.8 Critical |
| WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. | ||||
| CVE-2024-58348 | 2 Background-image-cropper, Wordpress | 2 Background Image Cropper, Wordpress | 2026-06-09 | 9.8 Critical |
| WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. | ||||
| CVE-2024-58349 | 2 Wordpress, Wp Travel Kit | 2 Wordpress, Travelscape | 2026-06-09 | 9.8 Critical |
| WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. | ||||