Export limit exceeded: 361191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50203 | 1 Apache | 1 Airflow Sftp Provider | 2026-06-26 | 9.1 Critical |
| A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later. | ||||
| CVE-2026-7850 | 2 Wordpress, Wp Magnific Popup | 2 Wordpress, Wp Magnific Popup | 2026-06-26 | 5.9 Medium |
| The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user. | ||||
| CVE-2026-8383 | 2 Learnpress, Wordpress | 2 Learnpress, Wordpress | 2026-06-26 | 5.3 Medium |
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request | ||||
| CVE-2026-10094 | 1 Dassault Systèmes | 1 Solidworks Visualize | 2026-06-26 | 9.8 Critical |
| A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server. | ||||
| CVE-2025-58952 | 2 Themerex, Wordpress | 2 Neuronet, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions. | ||||
| CVE-2025-58953 | 2 Themerex, Wordpress | 2 Joly, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions. | ||||
| CVE-2025-58954 | 2 Themerex, Wordpress | 2 Homeroofer, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. | ||||
| CVE-2025-69117 | 2 Themerex, Wordpress | 2 Ingenioso, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. | ||||
| CVE-2025-69145 | 2 Themerex, Wordpress | 2 Gat, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Gat <= 1.16 versions. | ||||
| CVE-2025-69148 | 2 Themerex, Wordpress | 2 Quirky, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | ||||
| CVE-2025-69172 | 2 Themerex, Wordpress | 2 Resurs, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | ||||
| CVE-2025-69173 | 2 Themerex, Wordpress | 2 Tipsy, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions. | ||||
| CVE-2026-22325 | 2 Axiomthemes, Wordpress | 2 Promo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | ||||
| CVE-2026-22326 | 2 Axiomthemes, Wordpress | 2 Reprizo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions. | ||||
| CVE-2026-22330 | 2 Themeum, Wordpress | 2 Right Way, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Right Way <= 4.0 versions. | ||||
| CVE-2026-22331 | 2 Themerex, Wordpress | 2 Autoparts, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | ||||
| CVE-2026-22338 | 2 Themerex, Wordpress | 2 Ecoblue, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions. | ||||
| CVE-2026-25446 | 2 Wishlist Products, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-39558 | 2 Elated-themes, Wordpress | 2 Malmö, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | ||||
| CVE-2026-40731 | 1 Mikado-themes | 2 Chapterone, Halstein | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | ||||