Export limit exceeded: 359632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11858 | 1 Quanos Solutions | 1 Schema St4 | 2026-06-20 | N/A |
| Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation. | ||||
| CVE-2024-35648 | 2 Andy Moyle, Wordpress | 2 Emergency Password Reset, Wordpress | 2026-06-20 | 4.3 Medium |
| Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. | ||||
| CVE-2024-37210 | 2 Ali2woo, Wordpress | 2 Alinext, Wordpress | 2026-06-20 | 6.5 Medium |
| Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | ||||
| CVE-2024-37496 | 2 Rara Themes, Wordpress | 2 Metro Magazine, Wordpress | 2026-06-20 | 4.3 Medium |
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2025-62340 | 1 Hcltech | 1 Icontrol | 2026-06-20 | 3.1 Low |
| HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity | ||||
| CVE-2025-59554 | 2 Advanced Ads Gmbh, Wordpress | 2 Advanced Ads – Tracking, Wordpress | 2026-06-20 | 9.3 Critical |
| Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | ||||
| CVE-2025-68524 | 2 Themegoods, Wordpress | 2 Avante, Wordpress | 2026-06-20 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | ||||
| CVE-2025-69115 | 2 Themerex, Wordpress | 2 Luxmed | Medicine & Healthcare Doctor Wordpress Theme, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions. | ||||
| CVE-2025-69130 | 2 Themovation, Wordpress | 2 Entrepreneur - Booking For Small Businesses Wordpress Theme, Wordpress | 2026-06-20 | 8.8 High |
| Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions. | ||||
| CVE-2025-69144 | 2 Themerex, Wordpress | 2 Preservation, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | ||||
| CVE-2025-69164 | 2 Themerex, Wordpress | 2 Skyward, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | ||||
| CVE-2025-69170 | 2 Themerex, Wordpress | 2 Eventicity, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | ||||
| CVE-2025-69175 | 2 Themerex, Wordpress | 2 Line Agency, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | ||||
| CVE-2026-39445 | 2 Presslayouts, Wordpress | 2 Alukas, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | ||||
| CVE-2026-39559 | 2 Codesupplyco, Wordpress | 2 Uppercase, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | ||||
| CVE-2026-40738 | 2 Edge-themes, Wordpress | 2 Eldon, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions. | ||||
| CVE-2026-40752 | 2 Select-themes, Wordpress | 2 Manufaktur Solutions, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions. | ||||
| CVE-2026-49108 | 2 Park Of Ideas, Wordpress | 2 Moderno, Wordpress | 2026-06-20 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | ||||
| CVE-2025-60229 | 2 Themeton, Wordpress | 2 Lagom, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | ||||
| CVE-2025-60230 | 2 Themeton, Wordpress | 2 The Barber Shop, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | ||||