Export limit exceeded: 351767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351767 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5200 | 2026-05-20 | 8.8 High | ||
| The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify privileged AcyMailing configuration, export subscriber secret keys, and chain these actions into administrator account takeover when a target administrator email address is known. | ||||
| CVE-2026-6405 | 2026-05-20 | 4.3 Medium | ||
| The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output escaping in the admin_options.php template. The settings form includes no wp_nonce_field() and the handler performs no check_admin_referer() check, meaning any cross-origin POST can modify plugin settings. The API key field is sanitized only with sanitize_text_field(), which strips HTML tags but does not encode double-quote characters; the value is then rendered into an HTML attribute via bare echo without esc_attr(), allowing a double-quote attribute-escape payload to survive both sanitization and storage. This makes it possible for unauthenticated attackers to inject arbitrary web scripts by tricking a logged-in administrator into visiting a malicious page that submits a forged request, storing the payload in the database and causing it to execute in the administrator's browser whenever the plugin settings page is visited. | ||||
| CVE-2022-3792 | 1 Gullseye | 1 Gullseye Terminal Operating System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13. | ||||
| CVE-2022-4422 | 1 Bulutses | 1 Bulutdesk Callcenter | 2026-05-20 | 9.8 Critical |
| Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0 | ||||
| CVE-2022-4554 | 1 Idyazilim | 1 B2b Dealer Order System | 2026-05-20 | 5.4 Medium |
| B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347. | ||||
| CVE-2026-9056 | 1 Talend | 1 Administration Center | 2026-05-20 | 5.4 Medium |
| A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user. | ||||
| CVE-2026-24215 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 5.7 Medium |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-6902 | 1 Perforce | 1 Helix Core | 2026-05-20 | N/A |
| A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | ||||
| CVE-2026-47783 | 1 Memcached | 1 Memcached | 2026-05-20 | 8.1 High |
| In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. | ||||
| CVE-2026-2955 | 2026-05-20 | 6.4 Medium | ||
| The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Practical exploitation is constrained due to a 20-character storage limit. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-05-20 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | ||||
| CVE-2026-24207 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 9.8 Critical |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2025-33255 | 2026-05-20 | 7.5 High | ||
| NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. | ||||
| CVE-2025-15369 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Addons — 140+ Widgets For Elementor | 2026-05-20 | 5.3 Medium |
| The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create published Xpro templates. | ||||
| CVE-2026-24206 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 7.3 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure. | ||||
| CVE-2026-24210 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24213 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure. | ||||
| CVE-2026-24214 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service. | ||||
| CVE-2025-14512 | 2 Gnome, Redhat | 7 Glib, Enterprise Linux, Hummingbird and 4 more | 2026-05-20 | 6.5 Medium |
| A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 6 Glib, Enterprise Linux, Hummingbird and 3 more | 2026-05-20 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||