Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50876 1 Deck9 1 Deck9 Input 2026-06-26 5.4 Medium
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2026-50879 1 Linx-server 1 Linx-server 2026-06-26 7.5 High
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2026-50880 1 Youtransfer 1 Youtransfer 2026-06-26 9.8 Critical
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request.
CVE-2026-50882 1 Anna-is-cute 1 Paste 2026-06-26 7.5 High
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2026-50883 1 Matze 1 Wastebin 2026-06-26 9.6 Critical
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload.
CVE-2026-50884 1 Statping-ng 1 Statping-ng 2026-06-26 8.8 High
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.
CVE-2026-50886 1 Firefly 1 Project Firefly Iii 2026-06-26 9.1 Critical
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.
CVE-2026-50887 1 Shlink 1 Shlink 2026-06-26 9.1 Critical
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.
CVE-2026-50889 1 Lldap 1 Lldap 2026-06-26 7.5 High
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header.
CVE-2016-20066 2 Dwbooster, Wordpress 2 Cp Polls, Wordpress 2026-06-26 7.2 High
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content.
CVE-2016-20067 2 Dwbooster, Wordpress 2 Cp Polls, Wordpress 2026-06-26 4.3 Medium
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
CVE-2026-52721 2 Gstreamer Project, Redhat 2 Gstreamer Plugin, Enterprise Linux 2026-06-26 5.3 Medium
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.
CVE-2026-34891 2 Hitpay, Idpay 2 Payment Gateway For Woocommerce, Payment Gateway For Woocommerce 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2026-39470 2 Brainstorm Force, Wordpress 2 Woocommerce Cart Abandonment Recovery, Wordpress 2026-06-26 7.2 High
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
CVE-2026-39478 2 Eli Scheetz, Wordpress 2 Anti-malware Security And Brute-force Firewall, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
CVE-2026-39502 2 10web, Wordpress 2 Form Maker, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
CVE-2026-39533 2 Wordpress, Wptasty 2 Wordpress, Awp Classifieds 2026-06-26 7.5 High
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
CVE-2026-49055 2 Glen Don Mongaya, Wordpress 2 Drag And Drop Multiple File Upload – Contact Form 7, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.
CVE-2026-49061 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Options For Woocommerce 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
CVE-2026-52699 2 E4jvikwp, Wordpress 2 Vikrentcar, Wordpress 2026-06-26 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.