Export limit exceeded: 349970 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349970 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12115 | 2026-06-17 | 6.6 Medium | ||
| The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Deserialization is triggered automatically upon the post-import redirect that renders the list table, and again when any item is opened for editing, requiring no additional navigation beyond the import action itself. | ||||
| CVE-2026-49080 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | ||||
| CVE-2026-49113 | 2026-06-17 | 8.5 High | ||
| Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-49073 | 2026-06-17 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. | ||||
| CVE-2026-39598 | 2026-06-17 | 8 High | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2. | ||||
| CVE-2026-25470 | 2026-06-17 | 10 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47. | ||||
| CVE-2026-40722 | 2026-06-17 | 5.5 Medium | ||
| Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6. | ||||
| CVE-2024-34810 | 2026-06-17 | 4.3 Medium | ||
| Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | ||||
| CVE-2026-12491 | 1 Redhat | 3 Ai Inference Server, Enterprise Linux Ai, Openshift Ai | 2026-06-17 | 4.8 Medium |
| A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data. | ||||
| CVE-2026-54811 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2026-54807 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | ||||
| CVE-2026-54806 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | ||||
| CVE-2026-54805 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | ||||
| CVE-2026-54804 | 2026-06-17 | 7.6 High | ||
| Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | ||||
| CVE-2026-54803 | 2026-06-17 | 9.8 Critical | ||
| Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | ||||
| CVE-2026-54802 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | ||||
| CVE-2026-54196 | 2026-06-17 | 6.8 Medium | ||
| Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | ||||
| CVE-2026-54195 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | ||||
| CVE-2026-54192 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | ||||
| CVE-2026-54189 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | ||||