Export limit exceeded: 361807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361807 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57912 | 1 Johnson & Johnson | 1 Campus Recruiting | 2026-06-29 | 7.5 High |
| Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | ||||
| CVE-2026-57913 | 1 Johnson & Johnson | 1 Audit Tracking Management System | 2026-06-29 | 7.5 High |
| Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | ||||
| CVE-2025-7958 | 1 Trellix | 1 Network Security | 2026-06-29 | N/A |
| A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details. | ||||
| CVE-2026-57473 | 1 Reolink | 1 Home Hub | 2026-06-29 | N/A |
| A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras. | ||||
| CVE-2026-57920 | 1 Peplink | 1 Incontrol | 2026-06-29 | 7.7 High |
| Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. | ||||
| CVE-2026-13426 | 1 Mattermost | 1 Mattermost Server | 2026-06-29 | 5.4 Medium |
| The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532 | ||||
| CVE-2026-57527 | 1 Zaproxy | 1 Zap-extensions | 2026-06-29 | 8.8 High |
| Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel. | ||||
| CVE-2025-63041 | 2 Codeamp, Wordpress | 2 Forget About Shortcode Buttons, Wordpress | 2026-06-29 | 5.4 Medium |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2025-63078 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 4.3 Medium |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2025-63079 | 2 Bdthemes, Wordpress | 2 Live Copy Paste For Elementor, Wordpress | 2026-06-29 | 4.3 Medium |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | ||||
| CVE-2025-64636 | 2 Rhewlif, Wordpress | 2 Donation Thermometer, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-64637 | 2 Opal Wp, Wordpress | 2 Auros Core, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. | ||||
| CVE-2025-66123 | 2 About Envato, Wordpress | 2 Bookpro, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2025-68063 | 2 Stylemixthemes, Wordpress | 2 Splash - Sport Club Wordpress Theme For Basketball, Football, Hockey, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | ||||
| CVE-2025-68064 | 2 Everthemess, Wordpress | 2 Goya Core, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. | ||||
| CVE-2025-68074 | 2 Ghozylab, Wordpress | 2 Image Carousel, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||
| CVE-2025-68075 | 2 Kerry, Wordpress | 2 Bne Testimonials, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. | ||||
| CVE-2026-54833 | 2 Dev Kabir, Wordpress | 2 Enable Cors, Wordpress | 2026-06-29 | 7.4 High |
| Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. | ||||
| CVE-2026-54834 | 2 Fpuenteonline, Wordpress | 2 Object Cache 4 Everyone, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | ||||
| CVE-2026-54835 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Menu, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions. | ||||