Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56047 2 Perfmatters, Powered Kinsta + Generatepress Docs Changelog Feature Requests Legal Affiliate Contact, Wordpress 2 Perfmatters, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
CVE-2026-56063 2 Bplugins, Wordpress 2 Mailchimp Block, Wordpress 2026-06-29 8.3 High
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
CVE-2026-56069 2 Site Building With Toolset, Wordpress 2 Toolset Forms, Wordpress 2026-06-29 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
CVE-2026-57321 2 Icc0rz, Wordpress 2 H5p, Wordpress 2026-06-29 7.1 High
Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.
CVE-2026-57325 2 Jellywp, Wordpress 2 Nanomag, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57644 2 Jetmonsters, Wordpress 2 Restaurant Menu By Motopress, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57647 2 Bplugins, Wordpress 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress 2026-06-29 7.5 High
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
CVE-2026-57655 2 Jay Versluis, Wordpress 2 Child Theme Wizard, Wordpress 2026-06-29 8.2 High
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57659 2 Stranger Studios, Wordpress 2 Paid Memberships Pro - Add Member From Admin, Wordpress 2026-06-29 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
CVE-2026-57667 2 Adrian Tobey, Wordpress 2 Groundhogg, Wordpress 2026-06-29 8.5 High
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-0828 1 Safetica 1 Endpoint Client 2026-06-29 7.5 High
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
CVE-2026-57231 1 Podman-container-tools 1 Podman 2026-06-29 7.5 High
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.
CVE-2026-32833 1 Shenzhen Cudy Technology 1 Lt300 3.0 2026-06-29 8.8 High
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.
CVE-2026-46604 1 Golang 1 Image 2026-06-29 7.5 High
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2026-33560 1 Daktronics 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 2026-06-29 7.1 High
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.
CVE-2026-31928 1 Daktronics 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 2026-06-29 8.1 High
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
CVE-2026-55975 1 H.view 1 Hv-500s6 Ip Camera 2026-06-29 7.2 High
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.
CVE-2026-56414 1 H.view 1 Hv-500s6 Ip Camera 2026-06-29 7.2 High
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.
CVE-2026-13500 1 Antlr 1 Antlr4 2026-06-29 7.3 High
A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-10083 2 Apcu Manager, Wordpress 2 Apcu Manager, Wordpress 2026-06-29 7.5 High
The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input (e.g. a transient name created by another APCu Manager WordPress plugin before 4.5.0 from an unauthenticated request) are output without escaping and execute arbitrary JavaScript in the session of an administrator viewing the page.