Export limit exceeded: 361783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57635 | 2 Funnelkit, Wordpress | 2 Funnelkit Payment Gateway For Stripe Woocommerce, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. | ||||
| CVE-2026-57638 | 2 Wordpress, Wpmanageninja | 2 Wordpress, Fluent Booking | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | ||||
| CVE-2026-57644 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-57647 | 2 Bplugins, Wordpress | 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | ||||
| CVE-2026-57651 | 2 Nk, Wordpress | 2 Ghost Kit, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | ||||
| CVE-2026-57655 | 2 Jay Versluis, Wordpress | 2 Child Theme Wizard, Wordpress | 2026-06-29 | 8.2 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-57656 | 2 Peregrinethemes, Wordpress | 2 Hester Core, Wordpress | 2026-06-29 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-57657 | 2 Noor Alam, Wordpress | 2 Gmail Smtp, Wordpress | 2026-06-29 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | ||||
| CVE-2026-57659 | 2 Stranger Studios, Wordpress | 2 Paid Memberships Pro - Add Member From Admin, Wordpress | 2026-06-29 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57664 | 2 Villatheme, Wordpress | 2 Bopo – Woocommerce Product Bundle Builder, Wordpress | 2026-06-29 | 4.3 Medium |
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | ||||
| CVE-2026-57665 | 2 Gravitykit, Wordpress | 2 Gravityview, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57667 | 2 Adrian Tobey, Wordpress | 2 Groundhogg, Wordpress | 2026-06-29 | 8.5 High |
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | ||||
| CVE-2025-11919 | 1 Wolfram Research | 1 Cloud | 2026-06-29 | 9.6 Critical |
| The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code. | ||||
| CVE-2023-20540 | 1 Amd | 5 Ryzen 3000 Series Desktop Processors, Ryzen 5000 Series Desktop Processors, Ryzen Threadripper 3000 Series Processors and 2 more | 2026-06-29 | N/A |
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. | ||||
| CVE-2026-0685 | 1 Edgewall | 1 Genshi | 2026-06-29 | 9.8 Critical |
| Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions. | ||||
| CVE-2026-0828 | 1 Safetica | 1 Endpoint Client | 2026-06-29 | 7.5 High |
| Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes. | ||||
| CVE-2023-20572 | 1 Amd | 16 Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Desktop Processors, Ryzen 4000 Series Desktop Processors and 13 more | 2026-06-29 | N/A |
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. | ||||
| CVE-2026-45408 | 1 Dokku | 1 Dokku | 2026-06-29 | 9 Critical |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (<<EOF instead of <<'EOF') in fn-git-create-hook() at plugins/git/internal-functions:378. On git push, bash interprets the semicolon as a command separator, executing arbitrary commands as the dokku user. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-45407 | 1 Dokku | 1 Dokku | 2026-06-29 | 5 Medium |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-45406 | 1 Dokku | 1 Dokku | 2026-06-29 | 9 Critical |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution to execute arbitrary commands on the host as the dokku user during the app's next deploy. This vulnerability is fixed in 0.38.2. | ||||