Export limit exceeded: 351901 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351901 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6397 | 2 Cvmh, Wordpress | 2 Sticky, Wordpress | 2026-05-20 | 6.4 Medium |
| The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the `cvmh_sticky_front_render()` function — the `readmoretext` attribute value is passed through `apply_filters()` and directly concatenated into the HTML output without any escaping function such as `esc_html()`. This makes it possible for authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a page containing the injected shortcode. | ||||
| CVE-2026-24213 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure. | ||||
| CVE-2026-3985 | 2 Constantcontact, Wordpress | 2 Creative Mail – Easier Wordpress & Woocommerce Email Marketing, Wordpress | 2026-05-20 | 7.5 High |
| The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the `has_checkout_consent()` method. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-6456 | 2 Beycanpress, Wordpress | 2 Account Switcher, Wordpress | 2026-05-20 | 8.8 High |
| The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`, combined with no validation that the secret is non-empty. When a target user has never used the "Remember me" feature, their `asSecret` user meta does not exist, causing `get_user_meta()` to return an empty string. An attacker can send an empty `secret` parameter, which passes the comparison (`'' != ''` is `false`), and the endpoint then calls `wp_set_auth_cookie()` for the target user. Additionally, all REST routes use `permission_callback => '__return_true'` with no capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to switch to any user account including Administrator, ultimately granting themselves full administrative privileges. | ||||
| CVE-2026-8424 | 2 Jay Patel, Wordpress | 2 Remove Yellow Bgbox, Wordpress | 2026-05-20 | 4.3 Medium |
| The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_api_settings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored settings by overwriting its configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-7472 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 4.9 Medium |
| The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes. | ||||
| CVE-2025-15369 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Addons — 140+ Widgets For Elementor | 2026-05-20 | 5.3 Medium |
| The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create published Xpro templates. | ||||
| CVE-2026-24214 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service. | ||||
| CVE-2026-34649 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-05-20 | 7.5 High |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34650 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-05-20 | 7.5 High |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34651 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-05-20 | 7.5 High |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34652 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-05-20 | 7.5 High |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-5776 | 2 Email Encoder, Wordpress | 2 Email Encoder, Wordpress | 2026-05-20 | 6.1 Medium |
| The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks | ||||
| CVE-2026-45585 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-20 | 6.8 Medium |
| Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. | ||||
| CVE-2026-24215 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 5.7 Medium |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-8491 | 1 Drupal | 1 Node View Permissions | 2026-05-20 | 3.7 Low |
| Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1. | ||||
| CVE-2026-31414 | 1 Linux | 1 Linux Kernel | 2026-05-20 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink path if userspace does not provide an explicit helper when creating an expectation to retain the existing behaviour. The ctnetlink expectation path holds the reference on the master conntrack and nf_conntrack_expect lock and the nfnetlink glue path refers to the master ct that is attached to the skb. | ||||
| CVE-2026-30117 | 1 Scalar | 1 Astro | 2026-05-20 | 9.8 Critical |
| scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file. | ||||
| CVE-2026-39250 | 1 Innoshop | 1 Innoshop | 2026-05-20 | 7.3 High |
| An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations. | ||||
| CVE-2026-9084 | 1 Misp | 1 Misp | 2026-05-20 | N/A |
| MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid OIDC token could assert a victim’s email address and authenticate as that user, leading to account takeover. | ||||