Search Results (85436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4727 1 Redhat 6 Certificate System Eus, Enterprise Linux, Rhel Aus and 3 more 2026-06-26 7.5 High
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
CVE-2026-24637 2 Blubrry, Wordpress 2 Powerpress Podcasting, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
CVE-2026-27407 2 Meowapps, Wordpress 2 Ai Engine, Wordpress 2026-06-26 7.2 High
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.
CVE-2026-39450 2 Funnelkit, Wordpress 2 Funnelkit Automations, Wordpress 2026-06-26 7.1 High
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
CVE-2026-39518 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 7.1 High
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
CVE-2026-39524 2 Themegrill, Wordpress 2 Masteriyo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
CVE-2026-39532 2 Stiofansisland, Wordpress 2 Events Calendar For Geodirectory, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
CVE-2026-39534 2 Wordpress, Wpdirectorykit 2 Wordpress, Wp Directory Kit 2026-06-26 7.5 High
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
CVE-2026-40779 2 Wordpress, Ylefebvre 2 Wordpress, Link Library 2026-06-26 7.7 High
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
CVE-2026-42668 2 Omnisend, Wordpress 2 Email Marketing For Woocommerce, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
CVE-2026-42686 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 7.1 High
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-42687 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
CVE-2026-45437 2 Brthumar1959, Wordpress 2 Product Filter Widget For Elementor, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.
CVE-2026-45441 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
CVE-2026-49078 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
CVE-2026-52714 2 Squirrly, Wordpress 2 Seo Plugin By Squirrly Seo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-35318 2 Oracle, Orcacle 2 Webcenter Sites, Webcenter Sites 2026-06-26 8.8 High
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2026-12348 1 The Browsercompany Of New York 1 Arcsearch 2026-06-26 7.4 High
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
CVE-2026-12256 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-39539 2 Edge-themes, Wordpress 2 Alloggio Hotel Booking, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.