Export limit exceeded: 363619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57688 | 2 Gurmehub, Wordpress | 2 Pos Entegratör, Wordpress | 2026-07-06 | 8.2 High |
| Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions. | ||||
| CVE-2026-57689 | 2 Fuelthemes, Wordpress | 2 Werkstatt, Wordpress | 2026-07-06 | 4.3 Medium |
| Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57690 | 2 Fuelthemes, Wordpress | 2 Werkstatt, Wordpress | 2026-07-06 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57748 | 2 Shopify Help Center, Wordpress | 2 Shopify, Wordpress | 2026-07-06 | 7.5 High |
| Contributor Local File Inclusion in Shopify <= 1.0.0 versions. | ||||
| CVE-2026-57750 | 2 Keksdieb, Wordpress | 2 Ez Form Calculator Premium, Wordpress | 2026-07-06 | 5.3 Medium |
| Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions. | ||||
| CVE-2026-57751 | 2 Heateor Support, Wordpress | 2 Heateor Social Login, Wordpress | 2026-07-06 | 8.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | ||||
| CVE-2026-57753 | 2 Nathanbarry, Wordpress | 2 Kit (formerly Convertkit) For Woocommerce, Wordpress | 2026-07-06 | 5.3 Medium |
| Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions. | ||||
| CVE-2026-57755 | 2 Misbah Wp, Wordpress | 2 Mosaic Gallery – Advanced Gallery, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. | ||||
| CVE-2026-57756 | 2 Wordpress, 友人a丶 | 2 Wordpress, Nicen-localize-image | 2026-07-06 | 8.5 High |
| Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. | ||||
| CVE-2026-57757 | 2 Ploudapp, Wordpress | 2 Pcloud Wp Backup, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. | ||||
| CVE-2026-57761 | 2 Blueastralthemes, Wordpress | 2 Seowp, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | ||||
| CVE-2026-57762 | 2 Andrew Fiebert, Wordpress | 2 Simple Urls, Wordpress | 2026-07-06 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. | ||||
| CVE-2026-57763 | 2 Gordon Böhme, Wordpress | 2 Structured Content, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. | ||||
| CVE-2026-57764 | 2 Surbma, Wordpress | 2 Surbma | Yoast Seo Breadcrumb Shortcode, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. | ||||
| CVE-2026-57760 | 2 Sendcloud, Wordpress | 2 Sendcloud Shipping, Wordpress | 2026-07-06 | 5.3 Medium |
| Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29. | ||||
| CVE-2026-58652 | 1 Openwrt | 2 Luci-app-travelmate, Travelmate | 2026-07-06 | 7.5 High |
| luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to /etc/travelmate/*.login, this is only a frontend restriction. The backend travelmate service (running as root) reads the raw UCI 'script' and 'script_args' values and executes the configured path when the captive-portal auto-login branch (f_check() in travelmate-functions.sh) is reached. An attacker with delegated write permissions can set script to /bin/sh and script_args to attacker-controlled arguments, resulting in arbitrary command execution as root. Confirmed in luci-app-travelmate/travelmate 2.4.5-r3; the sink is still present in travelmate 2.4.6-1 and no patched version is known. | ||||
| CVE-2026-12167 | 1 Little Orbit | 1 Gamefirst Anti-cheat | 2026-07-06 | 7.8 High |
| The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions. | ||||
| CVE-2026-12166 | 1 Little Orbit | 1 Gamefirst Anti-cheat | 2026-07-06 | 5.5 Medium |
| A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash. | ||||
| CVE-2026-12168 | 1 Little Orbit | 1 Gamefirst Anti-cheat | 2026-07-06 | 7.8 High |
| An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port. | ||||
| CVE-2026-58455 | 1 Notifiarr | 1 Dockwatch | 2026-07-06 | 9.8 Critical |
| Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject arbitrary commands via the composePath POST parameter in the composePull action to achieve full host compromise, facilitated by the standard deployment mounting of the Docker socket. | ||||