Export limit exceeded: 363086 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85441 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-52714 2 Squirrly, Wordpress 2 Seo Plugin By Squirrly Seo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-35318 2 Oracle, Orcacle 2 Webcenter Sites, Webcenter Sites 2026-06-26 8.8 High
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2026-12348 1 The Browsercompany Of New York 1 Arcsearch 2026-06-26 7.4 High
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
CVE-2026-12256 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-39539 2 Edge-themes, Wordpress 2 Alloggio Hotel Booking, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-49073 2 Wordpress, Wpwax 2 Wordpress, Directorist 2026-06-26 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.
CVE-2026-39598 2 Kodezen, Wordpress 2 Academy Lms, Wordpress 2026-06-26 8 High
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
CVE-2026-8089 2 Wedevs, Wordpress 2 Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Ecommerce Email Optins, Wordpress 2026-06-26 7.1 High
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
CVE-2026-9690 2 Joomunited, Wordpress 2 Wp Media Folder, Wordpress 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2026-40721 2 Bdthemes, Wordpress 2 Element Pack, Wordpress 2026-06-26 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-42385 2 Cozmoslabs, Wordpress 2 Profile Builder, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-42629 2 Powerpackelements, Wordpress 2 Powerpack Addons For Elementor, Wordpress 2026-06-26 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-49778 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2025-69140 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54822 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-56053 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071 2 Wordpress, Wpmudev 2 Wordpress, Forminator Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.