Export limit exceeded: 358870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49109 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-49766 | 2026-06-16 | 9.9 Critical | ||
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-39491 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions. | ||||
| CVE-2026-48870 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. | ||||
| CVE-2026-53473 | 1 Kubev2v | 2 Migration-planner-ui-app, Migration Planner Ui | 2026-06-16 | 7.3 High |
| A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions. | ||||
| CVE-2026-39591 | 2026-06-16 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | ||||
| CVE-2026-39534 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. | ||||
| CVE-2026-39524 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. | ||||
| CVE-2026-39512 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | ||||
| CVE-2026-40762 | 2 Wordpress, Wpgraphql | 2 Wordpress, Wpgraphql | 2026-06-16 | 7.5 High |
| Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | ||||
| CVE-2026-39480 | 2 Inisev, Wordpress | 2 Backup Migration, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions. | ||||
| CVE-2026-39503 | 2 Awesomemotive, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | ||||
| CVE-2026-39468 | 2026-06-16 | 6.8 Medium | ||
| Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions. | ||||
| CVE-2026-39447 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions. | ||||
| CVE-2026-34900 | 2 Liquid Web / Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions. | ||||
| CVE-2026-39498 | 2026-06-16 | 7.2 High | ||
| Shop manager PHP Object Injection in YayMail <= 4.3.3 versions. | ||||
| CVE-2026-6250 | 1 Tp-link | 2 Tapo C110, Tapo C110 Firmware | 2026-06-16 | 8.1 High |
| An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption. | ||||
| CVE-2026-23970 | 2 Themeisle, Wordpress | 2 Redirection For Contact Form 7, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions. | ||||
| CVE-2026-9691 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | ||||
| CVE-2025-60175 | 2026-06-16 | 4.4 Medium | ||
| Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. | ||||