Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361516 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54825 | 2 Wordpress, Wpdatatables | 2 Wordpress, Wpdatatables | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | ||||
| CVE-2026-56061 | 2 Wordpress, Wp Swings | 2 Wordpress, Subscriptions For Woocommerce | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions. | ||||
| CVE-2026-56064 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | ||||
| CVE-2026-57631 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-06-26 | 7.6 High |
| Administrator SQL Injection in Popup box <= 6.0.1 versions. | ||||
| CVE-2026-57646 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-06-26 | 5.4 Medium |
| Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | ||||
| CVE-2026-57654 | 2 Wordpress, Wp.insider | 2 Wordpress, Affiliates Manager | 2026-06-26 | 6.5 Medium |
| Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions. | ||||
| CVE-2026-57661 | 2 Nexcess, Wordpress | 2 Wpcomplete, Wordpress | 2026-06-26 | 5.4 Medium |
| Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | ||||
| CVE-2026-11834 | 2 Tp-link, Tp Link | 7 Archer C20 V5, Archer C20 V6, Archer Mr200 V07 and 4 more | 2026-06-26 | N/A |
| A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized command execution during device initialization or provisioning workflows. This typically occurs when the device is in a factory-default or unconfigured state. Successful exploitation may allow an adjacent, unauthenticated attacker to execute arbitrary commands with elevated privileges, potentially leading to full compromise of the affected device and unauthorized administrative control. | ||||
| CVE-2026-4367 | 2 Libxpm Projet, Redhat | 4 Libxpm, Enterprise Linux, Hardened Images and 1 more | 2026-06-26 | 5.5 Medium |
| A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions. | ||||
| CVE-2026-8380 | 2 Frontend File Manager Plugin, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-06-26 | 6.5 Medium |
| The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users. | ||||
| CVE-2026-5757 | 2026-06-26 | 7.5 High | ||
| Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. | ||||
| CVE-2026-9699 | 1 Mattermost | 1 Mattermost | 2026-06-26 | 6.8 Medium |
| Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609 | ||||
| CVE-2026-52701 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. | ||||
| CVE-2026-57318 | 2 Geminilabs, Wordpress | 2 Site Reviews, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. | ||||
| CVE-2026-57322 | 2 Wedevs, Wordpress | 2 Wemail, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions. | ||||
| CVE-2026-57629 | 2 Statcounter, Wordpress | 2 Statcounter, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. | ||||
| CVE-2026-57636 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | ||||
| CVE-2026-57642 | 2 Bestwebsoft, Wordpress | 2 Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Gallery <= 4.7.8 versions. | ||||
| CVE-2026-57648 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-06-26 | 4.3 Medium |
| Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | ||||
| CVE-2026-57650 | 2 Blockart, Wordpress | 2 Magazine Blocks, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | ||||