Export limit exceeded: 359713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359713 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12776 | 1 Montodel | 1 House-rental-management | 2026-06-21 | 6.3 Medium |
| A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12775 | 1 Montodel | 1 House-rental-management | 2026-06-21 | 7.3 High |
| A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12773 | 1 Litellm | 1 Litellm | 2026-06-21 | 7.3 High |
| A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-34895 | 2 Webgeniuslab, Wordpress | 2 Softlab Core, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions. | ||||
| CVE-2026-39438 | 2 Emraan Cheema, Wordpress | 2 Listingpro, Wordpress | 2026-06-20 | 9.3 Critical |
| Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | ||||
| CVE-2026-39443 | 2 Presslayouts, Wordpress | 2 Emallshop, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions. | ||||
| CVE-2026-39446 | 2 Presslayouts, Wordpress | 2 Kapee, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions. | ||||
| CVE-2026-39529 | 2 Themerex Group, Wordpress | 2 Elementra, Wordpress | 2026-06-20 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | ||||
| CVE-2026-39548 | 2 Sneeit, Wordpress | 2 Magone, Wordpress | 2026-06-20 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions. | ||||
| CVE-2026-40736 | 2 Edge-themes, Wordpress | 2 Laurits, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions. | ||||
| CVE-2026-40760 | 2 Edge-themes, Wordpress | 2 Behold, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | ||||
| CVE-2026-40761 | 2 Edge-themes, Wordpress | 2 Valeska, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | ||||
| CVE-2026-49057 | 2 Eyecix Technologies, Wordpress | 2 Jobsearch, Wordpress | 2026-06-20 | 7.5 High |
| Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions. | ||||
| CVE-2026-49080 | 2 Tms, Wordpress | 2 Wpdatatables, Wordpress | 2026-06-20 | 9.3 Critical |
| Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | ||||
| CVE-2026-49113 | 2 Themeco, Wordpress | 2 Cornerstone, Wordpress | 2026-06-20 | 8.5 High |
| Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-48055 | 1 Truelockmc | 1 Streambert | 2026-06-20 | 10 Critical |
| Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0. | ||||
| CVE-2026-25470 | 2 Acpt, Wordpress | 2 Acpt (pro) - Custom Post Types Plugin For Wordpress, Wordpress | 2026-06-20 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47. | ||||
| CVE-2026-48788 | 1 Umputun | 1 Remark42 | 2026-06-20 | N/A |
| Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and re-serves the response from Remark42's own origin. During the download phase, the proxy determines whether the resource is an image by inspecting only the Content-Type header advertised by the remote server, never examining the actual bytes; during the serving phase, it instead derives the response Content-Type by sniffing those bytes with http.DetectContentType. An attacker can exploit this inconsistency by hosting a URL that advertises Content-Type: image/png while returning an HTML/JavaScript body: the download check accepts it as an image, the serving path sniffs the body and emits Content-Type: text/html, and the browser renders the attacker-controlled HTML/JavaScript as a document within Remark42's origin. Exploitation requires no Remark42 account on the target instance; the attacker only needs to host the malicious upstream URL and deliver the proxy link to a victim by any means, such as email, direct message, or a link on another website. This issue has been fixed in version 1.16.0. | ||||
| CVE-2026-48797 | 1 Mcp-tool-shop-org | 1 Backpropagate | 2026-06-20 | N/A |
| Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing flags intended as security controls: --auth user:pass — documented as "require HTTP Basic authentication on every request to the UI." and--share — documented as "expose the UI on a public address; requires --auth." When --auth user:pass is passed, the CLI prints Auth: enabled (user: <username>) to confirm to the operator that authentication is active, then exports BACKPROPAGATE_UI_AUTH=user:pass to the subprocess that launches the Reflex backend. The Reflex backend (backpropagate/ui_app/**) never reads BACKPROPAGATE_UI_AUTH. No authentication middleware is registered. No request-level guard runs. No WebSocket upgrade guard runs. Any client that reaches the bound port — local or remote, depending on whether --share is used — has full UI access. An inline comment at backpropagate/cli.py:1217-1218 in the v1.1.0 source documents the gap: "For Phase 1 the variable is exported but Reflex doesn't read it yet." This comment was internal-facing; the user-facing documentation (README, CHANGELOG, SHIP_GATE) advertised the contract as enforced. An attacker who reaches the bound port can read uploaded datasets, trigger arbitrary training runs against any local base models as well as read their paths, trigger HuggingFace Hub pushes and cause disk-fill DoS. This issue has been fixed in version 1.2.0. If developers cannot immediately upgrade to 1.2.0 run backprop ui with no flags so it binds to localhost, use SSH port-forwarding (ssh -L 7860:localhost:7860 <training-host>) instead of --share for remote access, and audit any host previously launched with --share, re-issuing any HF tokens used during those sessions. | ||||
| CVE-2026-53876 | 1 Msi | 1 Radix Ax6600 Wifi 6 Tri-band Gaming Router | 2026-06-20 | N/A |
| RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator. | ||||