Export limit exceeded: 361449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9155 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 8.8 High |
| OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation. | ||||
| CVE-2026-9154 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 7.1 High |
| Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter. | ||||
| CVE-2026-9153 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 6.5 Medium |
| Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation. | ||||
| CVE-2026-8660 | 1 Rapid7 | 1 Insightconnect Ping Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8665 | 1 Rapid7 | 1 Insightconnect Tr Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-8664 | 1 Rapid7 | 1 Insightconnect Finger Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction. | ||||
| CVE-2026-8592 | 1 Rapid7 | 1 Insightconnect Awk Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline. | ||||
| CVE-2026-8666 | 1 Rapid7 | 1 Insightconnect Traceroute Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8662 | 1 Rapid7 | 1 Insightconnect Compression Plugin | 2026-06-26 | 3.3 Low |
| Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker. | ||||
| CVE-2026-8658 | 1 Rapid7 | 1 Insightconnect Tcpdump Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-5305 | 3 Email Encoder, Simple Mail Address Encoder Project, Wordpress | 3 Email Encoder, Simple Mail Address Encoder, Wordpress | 2026-06-26 | 8.8 High |
| The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks | ||||
| CVE-2026-9702 | 2 Inpost Pl, Wordpress | 2 Inpost Pl, Wordpress | 2026-06-26 | 7.5 High |
| The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or processing order on the site. | ||||
| CVE-2026-12937 | 2 Themefic, Wordpress | 2 Tourfic – Ai Powered Travel Booking, Hotel Booking & Car Rental Wordpress Plugin, Wordpress | 2026-06-26 | 7.5 High |
| The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path. | ||||
| CVE-2026-56129 | 2 Dynabook, Toshiba Corporation | 2 Generic Io & Memory Access Driver, Generic Io & Memory Access Driver | 2026-06-26 | 5.5 Medium |
| Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory. | ||||
| CVE-2026-56130 | 1 Apache | 1 Shiro | 2026-06-26 | N/A |
| "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only when RememberMe functionality is enabled. Upgrade to version 3.0.0 or later, which fixes the issue. | ||||
| CVE-2026-54838 | 2 Rymera Web Co, Wordpress | 2 Wc Vendors Marketplace, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | ||||
| CVE-2026-54843 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | ||||
| CVE-2026-54844 | 2 Checkview, Wordpress | 2 Checkview Automated Testing, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. | ||||
| CVE-2026-54845 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | ||||
| CVE-2026-56013 | 2 Mycred, Wordpress | 2 License Manager For Woocommerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions. | ||||