Search Results (85436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10835 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-29 7.7 High
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.
CVE-2026-49486 1 Apache 1 Airflow Ftp Provider 2026-06-29 7.5 High
The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel.
CVE-2026-57912 1 Johnson & Johnson 1 Campus Recruiting 2026-06-29 7.5 High
Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers.
CVE-2026-57913 1 Johnson & Johnson 1 Audit Tracking Management System 2026-06-29 7.5 High
Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts.
CVE-2026-57920 1 Peplink 1 Incontrol 2026-06-29 7.7 High
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.
CVE-2026-57527 1 Zaproxy 1 Zap-extensions 2026-06-29 8.8 High
Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel.
CVE-2025-68063 2 Stylemixthemes, Wordpress 2 Splash - Sport Club Wordpress Theme For Basketball, Football, Hockey, Wordpress 2026-06-29 7.5 High
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.
CVE-2025-68064 2 Everthemess, Wordpress 2 Goya Core, Wordpress 2026-06-29 7.5 High
Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.
CVE-2026-54833 2 Dev Kabir, Wordpress 2 Enable Cors, Wordpress 2026-06-29 7.4 High
Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.
CVE-2026-54834 2 Fpuenteonline, Wordpress 2 Object Cache 4 Everyone, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
CVE-2026-54835 2 Rustaurius, Wordpress 2 Five Star Restaurant Menu, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
CVE-2026-54837 2 Syed Balkhi, Wordpress 2 Intranet & Private Site – All-in-one Intranet, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
CVE-2026-54839 2 Kingaddons, Wordpress 2 Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.
CVE-2026-54846 2 Akosglys, Wordpress 2 Syncee Premium Dropshipping & Wholesale, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.
CVE-2026-56025 2 Paymob, Wordpress 2 Paymob For Woocommerce, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
CVE-2026-56029 2 Corvuspay, Wordpress 2 Woocommerce Payment Gateway, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
CVE-2026-56035 2 Cory Marsh, Wordpress 2 Bitfire Security, Wordpress 2026-06-29 8.6 High
Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.
CVE-2026-56038 2 Frisbii, Wordpress 2 Frisbii Pay, Wordpress 2026-06-29 8.8 High
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
CVE-2026-56039 2 Wordpress, Wordpress.com 2 Wordpress, Quick Interest Slider 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56040 2 Wordpress, Wordpress.com 2 Wordpress, Gutenverse Form 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.