Search Results (85128 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34891 2 Hitpay, Idpay 2 Payment Gateway For Woocommerce, Payment Gateway For Woocommerce 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2026-39470 2 Brainstorm Force, Wordpress 2 Woocommerce Cart Abandonment Recovery, Wordpress 2026-06-26 7.2 High
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
CVE-2026-39478 2 Eli Scheetz, Wordpress 2 Anti-malware Security And Brute-force Firewall, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
CVE-2026-39533 2 Wordpress, Wptasty 2 Wordpress, Awp Classifieds 2026-06-26 7.5 High
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
CVE-2026-49055 2 Glen Don Mongaya, Wordpress 2 Drag And Drop Multiple File Upload – Contact Form 7, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.
CVE-2026-49061 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Options For Woocommerce 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
CVE-2026-52699 2 E4jvikwp, Wordpress 2 Vikrentcar, Wordpress 2026-06-26 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
CVE-2026-44932 1 Suse 1 Wicked 2026-06-26 8.8 High
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
CVE-2026-10649 2 Clusterlabs, Redhat 4 Pacemaker, Enterprise Linux, Openshift and 1 more 2026-06-26 8.6 High
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
CVE-2024-38487 1 Dell 1 Emc Vxrail Appliance 2026-06-26 7 High
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
CVE-2025-69105 2 Themerex, Wordpress 2 Modernee, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
CVE-2025-69112 2 Themerex, Wordpress 2 Planty, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.
CVE-2025-69113 2 Themerex, Wordpress 2 Nexio, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
CVE-2025-69114 2 Themerex, Wordpress 2 Maxinet, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
CVE-2025-69116 2 Themerex, Wordpress 2 Iona, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
CVE-2025-69118 2 Themerex, Wordpress 2 Copypress, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
CVE-2025-69124 2 Themerex, Wordpress 2 Especio, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
CVE-2025-69142 2 Themerex, Wordpress 2 Abelle, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.
CVE-2025-69143 2 Themerex, Wordpress 2 Mission, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Mission <= 1.22 versions.
CVE-2025-69146 2 Themerex, Wordpress 2 Dom, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Dom <= 1.24 versions.