Search Results (85436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-49416 1 Freebsd 1 Freebsd 2026-06-29 7.8 High
The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges.
CVE-2026-10820 2 Properfraction, Wordpress 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress 2026-06-29 8.1 High
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.
CVE-2026-8095 2 Najeebmedia, Wordpress 2 Frontend File Manager Plugin, Wordpress 2026-06-29 8.1 High
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler, where supplying WPFM_DIR_PATH in uppercase evades the unset check and is normalized to wpfm_dir_path by sanitize_key() during update_post_meta(), allowing an attacker to overwrite the stored file path with an arbitrary filesystem path that is then passed directly to unlink() in delete_file_locally() without any directory containment validation. This makes it possible for authenticated attackers with Subscriber-level access to delete arbitrary files on the server, including sensitive files such as wp-config.php, potentially leading to full site takeover.
CVE-2026-57346 2 Epiph, Wordpress 2 Embed Privacy, Wordpress 2026-06-29 7.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.
CVE-2025-63391 2 Open-webui, Openwebui 2 Open-webui, Open Webui 2026-06-29 7.5 High
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2026-9643 2 Joomunited, Wordpress 2 Wp Meta Seo, Wordpress 2026-06-29 7.2 High
The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it concatenates `$_SERVER['HTTP_HOST']` with the raw `$_SERVER['REQUEST_URI']` and inserts that value verbatim into the `wp_wpms_links.link_url` column via `$wpdb->insert()`. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute whenever an administrator views the plugin's 404 & Redirects admin page (`/wp-admin/admin.php?page=metaseo_broken_link`).
CVE-2026-12077 2 Wedevs, Wordpress 2 Dokan Pro, Wordpress 2026-06-29 7.5 High
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-40523 1 Frontaccounting 1 Frontaccounting 2026-06-29 8.1 High
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM_2 and PARAM_3 POST parameters. Attackers can exploit time-based blind SQL injection through SLEEP() functions that are amplified across JOIN result sets to cause denial of service by exhausting database connections, or extract arbitrary database content through UNION-based injection techniques.
CVE-2026-38641 1 Redox-os 1 Relibc 2026-06-29 7.5 High
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
CVE-2026-40522 1 Frontaccounting 1 Frontaccounting 2026-06-29 7.1 High
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.
CVE-2026-13606 1 Graphicsmagick 1 Graphicsmagick 2026-06-29 8.1 High
A flaw was found in GraphicsMagick's Photo CD (PCD) decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior.
CVE-2026-54369 1 Acl Project 1 Acl 2026-06-29 7.1 High
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.
CVE-2026-13676 1 Fast-uri 1 Fast-uri 2026-06-29 7.5 High
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize() and equal() still return values that differ from a WHATWG-compatible URL parser. Applications that use fast-uri to enforce host-based policy (denylists, loopback filtering, redirect validation, outbound proxy routing) before passing the same URL to Node's URL or fetch can be bypassed when the two implementations resolve the same input to different hosts. Patches: upgrade to fast-uri 3.1.3 for the 3.x line or 4.0.1 for the 4.x line. Workarounds: enforce host policy using the same URL parser used for the actual request, or reject non-ASCII hosts before policy checks.
CVE-2026-27366 2 Mainwp, Wordpress 2 Mainwp Child, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.
CVE-2026-54830 2 Etoile Web Design Incorporated, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
CVE-2026-54844 2 Checkview, Wordpress 2 Checkview Automated Testing, Wordpress 2026-06-29 7.5 High
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
CVE-2026-56051 2 Tablepress, Wordpress 2 Tablepress, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
CVE-2026-54826 2 Psm Plugins, Wordpress 2 Supportcandy, Wordpress 2026-06-29 7.6 High
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
CVE-2026-13601 1 Redhat 1 Enterprise Linux 2026-06-29 7.1 High
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
CVE-2026-13582 1 Edimax 1 Ew-7478apc 2026-06-29 8.8 High
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. Manipulation of the argument UserName/Password causes a buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.