Export limit exceeded: 361701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10820 | 2026-06-29 | 8.1 High | ||
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference. | ||||
| CVE-2026-57340 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. | ||||
| CVE-2026-57642 | 2 Bestwebsoft, Wordpress | 2 Gallery, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Gallery <= 4.7.8 versions. | ||||
| CVE-2026-57334 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | ||||
| CVE-2026-13579 | 1 Itsourcecode | 1 Hospital Management System | 2026-06-29 | 6.3 Medium |
| A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-57328 | 2026-06-29 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | ||||
| CVE-2026-55607 | 2026-06-29 | N/A | ||
| Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163. | ||||
| CVE-2026-57339 | 2026-06-29 | 6.6 Medium | ||
| Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions. | ||||
| CVE-2026-57333 | 2026-06-29 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | ||||
| CVE-2026-57327 | 2026-06-29 | 6.3 Medium | ||
| Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | ||||
| CVE-2026-13583 | 1 Edimax | 1 Ew-7478apc | 2026-06-29 | 8.8 High |
| A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-53320 | 1 Linux | 1 Linux Kernel | 2026-06-29 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks by comparing it with the current block number bd_blocknr. If they differ, the block is considered dead and skipped. However, bd_oblocknr should never be 0 since block 0 typically stores the primary superblock and is never a valid GC target block. A corrupted ioctl request with bd_oblocknr set to 0 causes the comparison to incorrectly match when the lookup returns -ENOENT and sets bd_blocknr to 0, bypassing the dead block check and calling nilfs_bmap_mark() on a non-existent block. This causes nilfs_btree_do_lookup() to return -ENOENT, triggering the WARN_ON(ret == -ENOENT). Fix this by rejecting ioctl requests with bd_oblocknr set to 0 at the beginning of each iteration. [ryusuke: slightly modified the commit message and comments for accuracy] | ||||
| CVE-2026-25707 | 1 Suse | 1 Libzypp | 2026-06-29 | 8.8 High |
| A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation. | ||||
| CVE-2026-56048 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions. | ||||
| CVE-2026-55666 | 1 Rocketchat | 1 Rocket.chat | 2026-06-29 | N/A |
| Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an email parameter. If the JWT does not contain an email address, the application falls back to accepting an arbitrary email value supplied directly in the request. Attackers are able to forge Apple JWTs that do not contain an email address and leverage this vulnerability to carry out account takeover attacks. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. | ||||
| CVE-2026-55697 | 1 Pnpm | 1 Pnpm | 2026-06-29 | 7.5 High |
| pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3. | ||||
| CVE-2026-49049 | 2026-06-29 | 7.5 High | ||
| The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters. | ||||
| CVE-2026-46406 | 2026-06-29 | N/A | ||
| Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128. | ||||
| CVE-2026-6951 | 2 Simple-git Project, Steveukx | 2 Simple-git, Simple-git | 2026-06-29 | 9.8 Critical |
| Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source. | ||||
| CVE-2024-21490 | 1 Angularjs | 1 Angular.js | 2026-06-29 | 7.5 High |
| This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | ||||