Export limit exceeded: 366282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54816 | 2 Monetizemore, Wordpress | 2 Advanced Ads, Wordpress | 2026-06-17 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. | ||||
| CVE-2025-15657 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2026-06-17 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | ||||
| CVE-2026-52716 | 2 Purethemes, Wordpress | 2 Workscout Core, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | ||||
| CVE-2026-54818 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-06-17 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | ||||
| CVE-2026-54817 | 2 Fluxbuilder, Wordpress | 2 Mstore Api, Wordpress | 2026-06-17 | 6.5 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4. | ||||
| CVE-2026-55738 | 1 Rxi | 1 Microtar | 2026-06-17 | 8.8 High |
| A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to read past the end of the 512-byte raw header stack buffer and to write past the destination header buffer. A remote attacker who supplies a crafted TAR archive that the victim opens or parses (via mtar_open(), mtar_read_header(), or mtar_find()) can cause an out-of-bounds read and a stack buffer overflow, resulting in denial of service (crash) and potentially arbitrary code execution. Confirmed with AddressSanitizer: stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112. | ||||
| CVE-2026-10850 | 1 Plane | 1 Plane | 2026-06-17 | N/A |
| Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. | ||||
| CVE-2026-47340 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | 6.5 Medium |
| Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. | ||||
| CVE-2024-24709 | 2 Shareaholic, Wordpress | 2 Shareaholic, Wordpress | 2026-06-17 | 4.3 Medium |
| Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | ||||
| CVE-2026-32967 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | 6.5 Medium |
| Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. | ||||
| CVE-2026-34888 | 2 Bricksforge, Wordpress | 2 Bricksforge, Wordpress | 2026-06-17 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. | ||||
| CVE-2026-24611 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-06-17 | 9.1 Critical |
| Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-24610 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-27410 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions. | ||||
| CVE-2026-39595 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-06-17 | 4.7 Medium |
| Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. | ||||
| CVE-2024-32729 | 2 Quantumcloud, Wordpress | 2 Conversational Forms For Chatbot, Wordpress | 2026-06-17 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. | ||||
| CVE-2026-40723 | 2 Bricks, Wordpress | 2 Bricks Builder, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions. | ||||
| CVE-2026-11975 | 1 Simplcommerce | 1 Simplcommerce | 2026-06-17 | N/A |
| Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw() | ||||
| CVE-2026-10839 | 1 Password Manager | 1 Password Manager | 2026-06-17 | N/A |
| Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity. | ||||
| CVE-2026-10837 | 1 Password Manager | 1 Password Manager | 2026-06-17 | N/A |
| Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity. | ||||