Export limit exceeded: 359269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359269 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42662 | 2026-06-15 | 6.5 Medium | ||
| Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions. | ||||
| CVE-2026-42381 | 2026-06-15 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions. | ||||
| CVE-2026-42378 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. | ||||
| CVE-2026-40796 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. | ||||
| CVE-2026-40776 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||||
| CVE-2026-40775 | 2026-06-15 | 7.3 High | ||
| Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||||
| CVE-2026-40773 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | ||||
| CVE-2026-40772 | 2026-06-15 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | ||||
| CVE-2026-40741 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-39591 | 2026-06-15 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | ||||
| CVE-2026-42909 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-06-15 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-39507 | 2026-06-15 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||
| CVE-2026-39492 | 2026-06-15 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. | ||||
| CVE-2026-9691 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | ||||
| CVE-2026-11931 | 1 Aws | 1 Kiro Ide | 2026-06-15 | 5.5 Medium |
| Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating. | ||||
| CVE-2026-42985 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-06-15 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42992 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-06-15 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42993 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-15 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44799 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-06-15 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44545 | 1 Djangoproject | 1 Daphne | 2026-06-15 | 5.3 Medium |
| daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service. | ||||