Export limit exceeded: 365174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15558 1 Codeastro 1 Simple Online Leave Management System 2026-07-13 6.3 Medium
A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-57407 2 Wordpress, Wpswings 2 Wordpress, Pdf Generator For Wordpress 2026-07-13 7.2 High
Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through <= 1.6.2.
CVE-2026-59516 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through <= 12.1.1.
CVE-2026-57812 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.12.4.
CVE-2026-57369 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4.
CVE-2026-57802 2 Select-themes, Wordpress 2 Struktur, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through <= 2.5.1.
CVE-2026-10085 1 Mattermost 1 Mattermost 2026-07-13 5.4 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688
CVE-2026-10106 1 Mattermost 1 Mattermost 2026-07-13 6.5 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690
CVE-2026-6850 1 Mattermost 1 Mattermost 2026-07-13 6.5 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658
CVE-2026-9597 1 Mattermost 1 Mattermost 2026-07-13 5.4 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681
CVE-2026-57745 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-57738 2 Axiomthemes, Wordpress 2 777, Wordpress 2026-07-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.
CVE-2026-57385 2 Appsbd, Wordpress 2 Vitepos, Wordpress 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2.
CVE-2026-57363 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7.
CVE-2026-57727 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 7.5 High
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.
CVE-2026-57372 2 Denishua, Wordpress 2 Wpjam Basic, Wordpress 2026-07-13 7.2 High
Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
CVE-2026-57709 2 Wordpress, Wpswings 2 Wordpress, Membership For Woocommerce 2026-07-13 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through <= 3.1.0.
CVE-2026-57698 2 Villatheme, Wordpress 2 Abandoned Cart Recovery For Woocommerce, Wordpress 2026-07-13 6.5 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.12.
CVE-2026-57668 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2.
CVE-2026-57419 2 Fahadmahmood8, Wordpress 2 Stock Locations For Woocommerce, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 3.1.8.