Export limit exceeded: 365250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365250 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57371 | 2 Denishua, Wordpress | 2 Wpjam Basic, Wordpress | 2026-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0. | ||||
| CVE-2026-57379 | 2 Wordpress, Wppool | 2 Wordpress, Formychat | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through <= 2.15.3. | ||||
| CVE-2026-57386 | 2 Kodezen, Wordpress | 2 Ablocks, Wordpress | 2026-07-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1. | ||||
| CVE-2026-9492 | 1 Gigabyte | 1 Mbstorage | 2026-07-13 | 7.8 High |
| The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIO_x64.sys bundled with the module, thereby arbitrarily reading and writing physical memory and obtaining kernel-level privileges. | ||||
| CVE-2026-57392 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5. | ||||
| CVE-2026-57399 | 2 Proxy & Vpn Blocker, Wordpress | 2 Proxy & Vpn Blocker, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.8. | ||||
| CVE-2026-57405 | 2 Themehunk, Wordpress | 2 Open Shop, Wordpress | 2026-07-13 | 7.1 High |
| Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through <= 1.7.1. | ||||
| CVE-2026-15541 | 1 Will-moss | 1 Isaiah | 2026-07-13 | 7.3 High |
| A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-14453 | 1 Centreon | 1 Infra Monitoring | 2026-07-13 | 9.6 Critical |
| This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product. | ||||
| CVE-2026-57411 | 2 Aman, Wordpress | 2 Cf7 Views – Complete Entry Management For Contact Form 7, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views – Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views – Complete Entry Management for Contact Form 7: from n/a through <= 3.2.2. | ||||
| CVE-2026-57365 | 2 Hitesh Chandwani, Wordpress | 2 Recaptcha (v2 & V3) For Asgaros Forum, Wordpress | 2026-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 & v3) for Asgaros Forum: from n/a through <= 1.1.0. | ||||
| CVE-2026-57364 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Better Payment – Instant Payments, Donations, Fundraising With Subscriptions & More | 2026-07-13 | 6.5 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More: from n/a through <= 2.2.0. | ||||
| CVE-2026-57378 | 2 Phil Kurth, Wordpress | 2 Advanced Forms, Wordpress | 2026-07-13 | 7.5 High |
| Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= 1.9.3.7. | ||||
| CVE-2026-57417 | 2 Rextheme, Wordpress | 2 Cart Lift, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3.1.57. | ||||
| CVE-2026-57423 | 2 Kofimokome, Wordpress | 2 Message Filter For Contact Form 7, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.8. | ||||
| CVE-2026-57406 | 2 Roxnor, Wordpress | 2 Fundengine, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through <= 1.7.6. | ||||
| CVE-2026-57695 | 2 Dan Rossiter, Wordpress | 2 Document Gallery, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through <= 5.1.0. | ||||
| CVE-2026-57424 | 2 Knitpay, Wordpress | 2 Razorpay Payment Links For Woocommerce, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through <= 2.1.4. | ||||
| CVE-2026-57707 | 2026-07-13 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through <= 15.9.4. | ||||
| CVE-2026-57739 | 2 Acymailing Newsletter Team, Wordpress | 2 Acymailing Smtp Newsletter, Wordpress | 2026-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | ||||