Search Results (85004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56035 | 2 Cory Marsh, Wordpress | 2 Bitfire Security, Wordpress | 2026-06-29 | 8.6 High |
| Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions. | ||||
| CVE-2026-56038 | 2 Frisbii, Wordpress | 2 Frisbii Pay, Wordpress | 2026-06-29 | 8.8 High |
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | ||||
| CVE-2026-56039 | 2 Wordpress, Wordpress.com | 2 Wordpress, Quick Interest Slider | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions. | ||||
| CVE-2026-56040 | 2 Wordpress, Wordpress.com | 2 Wordpress, Gutenverse Form | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. | ||||
| CVE-2026-56047 | 2 Perfmatters, Powered Kinsta + Generatepress Docs Changelog Feature Requests Legal Affiliate Contact, Wordpress | 2 Perfmatters, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. | ||||
| CVE-2026-56063 | 2 Bplugins, Wordpress | 2 Mailchimp Block, Wordpress | 2026-06-29 | 8.3 High |
| Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. | ||||
| CVE-2026-56069 | 2 Site Building With Toolset, Wordpress | 2 Toolset Forms, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. | ||||
| CVE-2026-57321 | 2 Icc0rz, Wordpress | 2 H5p, Wordpress | 2026-06-29 | 7.1 High |
| Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions. | ||||
| CVE-2026-57325 | 2 Jellywp, Wordpress | 2 Nanomag, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | ||||
| CVE-2026-57644 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-57647 | 2 Bplugins, Wordpress | 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | ||||
| CVE-2026-57655 | 2 Jay Versluis, Wordpress | 2 Child Theme Wizard, Wordpress | 2026-06-29 | 8.2 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-57659 | 2 Stranger Studios, Wordpress | 2 Paid Memberships Pro - Add Member From Admin, Wordpress | 2026-06-29 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57667 | 2 Adrian Tobey, Wordpress | 2 Groundhogg, Wordpress | 2026-06-29 | 8.5 High |
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | ||||
| CVE-2026-0828 | 1 Safetica | 1 Endpoint Client | 2026-06-29 | 7.5 High |
| Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes. | ||||
| CVE-2026-57231 | 1 Podman-container-tools | 1 Podman | 2026-06-29 | 7.5 High |
| Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0. | ||||
| CVE-2026-56876 | 1 Max-mapper | 1 Extract-zip | 2026-06-29 | 8.1 High |
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-32833 | 1 Shenzhen Cudy Technology | 1 Lt300 3.0 | 2026-06-29 | 8.8 High |
| Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system. | ||||
| CVE-2026-46604 | 1 Golang | 1 Image | 2026-06-29 | 7.5 High |
| The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset. | ||||
| CVE-2026-33560 | 1 Daktronics | 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 | 2026-06-29 | 7.1 High |
| The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allow authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced, which allows executable binaries and scripts to be accepted and written directly to the server. | ||||