Export limit exceeded: 359197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47847 | 2026-06-18 | 5.3 Medium | ||
| Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0. | ||||
| CVE-2026-12307 | 1 Mozilla | 1 Firefox | 2026-06-18 | 5.3 Medium |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12310 | 1 Mozilla | 1 Firefox | 2026-06-18 | 7.5 High |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12439 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-0082 | 1 Google | 1 Android | 2026-06-18 | N/A |
| In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32748 | 1 Dell | 1 Powerflex Rack | 2026-06-18 | 4.3 Medium |
| Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. | ||||
| CVE-2026-20178 | 2026-06-18 | 4.3 Medium | ||
| A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. | ||||
| CVE-2026-11311 | 1 F5 | 1 Nginx Gateway Fabric | 2026-06-18 | 8.1 High |
| When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-11777 | 2 10web, Wordpress | 2 Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder, Wordpress | 2026-06-18 | 4.9 Medium |
| The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-11360 | 2 Algolplus, Wordpress | 2 Advanced Order Export For Woocommerce, Wordpress | 2026-06-18 | 4.9 Medium |
| The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_direction' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The endpoint requires a valid woe_nonce and Shop Manager-level capabilities (view_woocommerce_reports or export_woocommerce_orders), and wp_magic_quotes protection is stripped via stripslashes_deep() before processing, allowing quote and backslash characters to survive intact into the SQL context. | ||||
| CVE-2026-10736 | 2 Themeum, Wordpress | 2 Tutor Lms – Elearning And Online Course Solution, Wordpress | 2026-06-18 | 4.9 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-10623 | 2026-06-18 | 4.3 Medium | ||
| The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with custom-level access and above, to modify or delete quiz rules belonging to other teachers, resulting in unauthorized tampering of another user's quiz structure. | ||||
| CVE-2026-12290 | 1 Mozilla | 1 Firefox | 2026-06-18 | 8.1 High |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12298 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-18 | 5.4 Medium |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12305 | 1 Mozilla | 1 Firefox | 2026-06-18 | 7.5 High |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-10696 | 2026-06-18 | 7.5 High | ||
| Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an attacker-controlled installer via a crafted catalog package whose normalized name is contained as a substring within the installed application name when a user applies the proposed update. | ||||
| CVE-2026-12527 | 2026-06-18 | N/A | ||
| A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-time video stream data. | ||||
| CVE-2026-12093 | 2 Wordpress, Wpinsider-1 | 2 Wordpress, Simple Membership | 2026-06-18 | 5.3 Medium |
| The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded webhook event containing a victim's subscription ID, setting the target member's account_state to 'inactive' and triggering cancellation hooks, transaction-record status changes, and cancellation notification emails. This vulnerability is exploitable only on installations where no Stripe webhook signing secret has been configured, which is the default out-of-the-box state; sites that have configured the stripe-webhook-signing-secret option are routed to the properly verified HMAC path and are not affected. | ||||
| CVE-2026-12102 | 2 Stiofansisland, Wordpress | 2 Userswp – Front-end Login Form, User Registration, User Profile & Members Directory Plugin For Wp, Wordpress | 2026-06-18 | 2.7 Low |
| The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with editor-level access and above, to reset and permanently delete the avatar or banner image of any arbitrary user, including administrators, by clearing their avatar_thumb or banner_thumb metadata in the uwp_usermeta table. | ||||
| CVE-2026-12111 | 2 Codepeople, Wordpress | 2 Appointment Booking Calendar, Wordpress | 2026-06-18 | 4.3 Medium |
| The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabc_appointments_calendar_load2() function, which is reachable via the cpabc_calendar_load2=1 query parameter in wp-admin and only checks is_admin() && current_user_can('edit_posts'), a capability available to Contributor-level users and above. This makes it possible for authenticated attackers with Contributor-level access and above to supply an arbitrary calendar ID via the id parameter and extract customer booking information, including email addresses, names, phone numbers, booking times, and comments, from any calendar managed by the plugin. | ||||