Export limit exceeded: 366301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366301 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50879 | 1 Linx-server | 1 Linx-server | 2026-06-26 | 7.5 High |
| An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50880 | 1 Youtransfer | 1 Youtransfer | 2026-06-26 | 9.8 Critical |
| An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request. | ||||
| CVE-2026-50882 | 1 Anna-is-cute | 1 Paste | 2026-06-26 | 7.5 High |
| An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50883 | 1 Matze | 1 Wastebin | 2026-06-26 | 9.6 Critical |
| An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload. | ||||
| CVE-2026-50884 | 1 Statping-ng | 1 Statping-ng | 2026-06-26 | 8.8 High |
| Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components. | ||||
| CVE-2026-50886 | 1 Firefly | 1 Project Firefly Iii | 2026-06-26 | 9.1 Critical |
| Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request. | ||||
| CVE-2026-50887 | 1 Shlink | 1 Shlink | 2026-06-26 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | ||||
| CVE-2026-50889 | 1 Lldap | 1 Lldap | 2026-06-26 | 7.5 High |
| An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header. | ||||
| CVE-2016-20066 | 2 Dwbooster, Wordpress | 2 Cp Polls, Wordpress | 2026-06-26 | 7.2 High |
| WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content. | ||||
| CVE-2016-20067 | 2 Dwbooster, Wordpress | 2 Cp Polls, Wordpress | 2026-06-26 | 4.3 Medium |
| WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in. | ||||
| CVE-2026-52721 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-06-26 | 5.3 Medium |
| Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure. | ||||
| CVE-2026-34891 | 2 Hitpay, Idpay | 2 Payment Gateway For Woocommerce, Payment Gateway For Woocommerce | 2026-06-26 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions. | ||||
| CVE-2026-39470 | 2 Brainstorm Force, Wordpress | 2 Woocommerce Cart Abandonment Recovery, Wordpress | 2026-06-26 | 7.2 High |
| Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions. | ||||
| CVE-2026-39478 | 2 Eli Scheetz, Wordpress | 2 Anti-malware Security And Brute-force Firewall, Wordpress | 2026-06-26 | 8.8 High |
| Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions. | ||||
| CVE-2026-39502 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. | ||||
| CVE-2026-39533 | 2 Wordpress, Wptasty | 2 Wordpress, Awp Classifieds | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. | ||||
| CVE-2026-49055 | 2 Glen Don Mongaya, Wordpress | 2 Drag And Drop Multiple File Upload – Contact Form 7, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | ||||
| CVE-2026-49061 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Product Options For Woocommerce | 2026-06-26 | 7.5 High |
| Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions. | ||||
| CVE-2026-52699 | 2 E4jvikwp, Wordpress | 2 Vikrentcar, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | ||||
| CVE-2026-6964 | 2 J 3rk, Wordpress | 2 Video Conferencing With Zoom, Wordpress | 2026-06-26 | 5.3 Medium |
| The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain the site's Zoom SDK API key and a freshly-signed JWT that can be used with the Zoom Web SDK to join any Zoom meeting associated with those credentials without a legitimate invitation. | ||||