Export limit exceeded: 361191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12197 | 1 Ruijie | 2 Eg105g-p, Rg-eg105g-p | 2026-06-26 | 7.2 High |
| A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-36670 | 1 Opensips | 1 Opensips | 2026-06-26 | 8.8 High |
| A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php. | ||||
| CVE-2026-9278 | 2 Formbuilder Project, Wordpress | 2 Formbuilder, Wordpress | 2026-06-26 | 5.4 Medium |
| The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against any visitor of a page rendering the affected form, even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network). | ||||
| CVE-2026-49111 | 2 Themegrill, Wordpress | 2 Masteriyo, Wordpress | 2026-06-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | ||||
| CVE-2026-48969 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Ssl, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. | ||||
| CVE-2025-64215 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2026-06-26 | 6.5 Medium |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16. | ||||
| CVE-2023-4727 | 1 Redhat | 6 Certificate System Eus, Enterprise Linux, Rhel Aus and 3 more | 2026-06-26 | 7.5 High |
| A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. | ||||
| CVE-2026-9691 | 2 Crm Perks, Wordpress | 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | ||||
| CVE-2026-24637 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. | ||||
| CVE-2026-27053 | 2 Videowhisper, Wordpress | 2 Broadcast Live Video, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | ||||
| CVE-2026-27407 | 2 Meowapps, Wordpress | 2 Ai Engine, Wordpress | 2026-06-26 | 7.2 High |
| Editor Privilege Escalation in AI Engine <= 3.4.9 versions. | ||||
| CVE-2026-39450 | 2 Funnelkit, Wordpress | 2 Funnelkit Automations, Wordpress | 2026-06-26 | 7.1 High |
| Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. | ||||
| CVE-2026-39515 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Broken Access Control in Motors < 1.4.107 versions. | ||||
| CVE-2026-39518 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-06-26 | 7.1 High |
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | ||||
| CVE-2026-39524 | 2 Themegrill, Wordpress | 2 Masteriyo, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. | ||||
| CVE-2026-39532 | 2 Stiofansisland, Wordpress | 2 Events Calendar For Geodirectory, Wordpress | 2026-06-26 | 8.8 High |
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | ||||
| CVE-2026-39534 | 2 Wordpress, Wpdirectorykit | 2 Wordpress, Wp Directory Kit | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. | ||||
| CVE-2026-39583 | 2 Datalogics Ecommerce Delivery, Wordpress | 2 Datalogics Ecommerce Delivery, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | ||||
| CVE-2026-40773 | 2 Rtcamp, Wordpress | 2 Rtmedia For Wordpress, Buddypress And Bbpress, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | ||||
| CVE-2026-40779 | 2 Wordpress, Ylefebvre | 2 Wordpress, Link Library | 2026-06-26 | 7.7 High |
| Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions. | ||||