Search Results (85441 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54842 2 Royal Plugins, Wordpress 2 Royal Mcp, Wordpress 2026-06-25 8.1 High
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-46733 1 Dell 1 Display And Peripheral Manager 2026-06-25 7.8 High
Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2026-56014 2 Averta, Wordpress 2 Master Slider, Wordpress 2026-06-25 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
CVE-2026-54829 2 Jacob N. Breetvelt, Wordpress 2 Wp Photo Album Plus, Wordpress 2026-06-25 7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
CVE-2026-55759 1 Rocketchat 1 Rocket.chat 2026-06-25 7.4 High
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless of aud, exp, nbf, or nonce. An attacker who obtains a target user's Apple identity token (from server logs, an intercepted sign-in flow, or another application sharing the same Apple developer team) can replay it to authenticate as that user, with no expiration on the replay window. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13.
CVE-2026-52805 1 Gogs 1 Gogs 2026-06-25 8.7 High
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated user can submit a public URL that redirects to a blocked internal endpoint (e.g., 127.0.0.1), importing the internal repository's contents into an attacker-controlled repository. This vulnerability is fixed in 0.14.3.
CVE-2026-56042 2 Algolplus, Wordpress 2 Advanced Order Export For Woocommerce, Wordpress 2026-06-25 7.1 High
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
CVE-2026-56049 2 Postsnippets, Wordpress 2 Post Snippets, Wordpress 2026-06-25 8.5 High
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-56054 2 Ahmad, Wordpress 2 Js Help Desk, Wordpress 2026-06-25 7.7 High
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
CVE-2026-46734 1 Dell 1 Display And Peripheral Manager 2026-06-25 7.3 High
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2026-46735 1 Dell 1 Display And Peripheral Manager 2026-06-25 7.8 High
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2025-2586 1 Redhat 1 Openshift Lightspeed 2026-06-25 7.5 High
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.
CVE-2026-12992 1 Redhat 1 Apicurio Registry 2026-06-25 7.4 High
A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs (server-side request forgery).
CVE-2026-53218 1 Linux 1 Linux Kernel 2026-06-25 7.0 High
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register bitmap as initialized. However, when NFT_EXTHDR_F_PRESENT is set, the eval paths write only 1 byte (nft_reg_store8) or 4 bytes (*dest = 0 on TCP/DCCP error path). When len > 4, registers beyond the first are never written, retaining uninitialized stack data from nft_regs. Bail out if userspace requests too much data when F_PRESENT is set.
CVE-2026-54841 2 Appsbd, Wordpress 2 Vitepos, Wordpress 2026-06-25 7.5 High
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CVE-2026-55477 1 Mhsanaei 1 3x-ui 2026-06-25 7.2 High
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1.
CVE-2025-64309 1 Brightpick Ai 1 Mission Control 2026-06-25 7.4 High
The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
CVE-2026-33612 1 Powerdns 1 Recursor 2026-06-25 7.5 High
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.
CVE-2026-56767 1 Getmaxun 1 Maxun 2026-06-25 8.8 High
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute other users' robots by bypassing ownership checks in API endpoints.
CVE-2026-49839 2 Jqlang, Redhat 2 Jq, Hummingbird 2026-06-25 7.1 High
jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jv_load_file(raw=1) reads an attacker-controlled file, it repeatedly appends file chunks to the same jv string accumulator. Once jv_string_append_buf() returns jv_invalid_with_msg("String too long"), the raw-file loop does not stop. If the file contains at least one more byte, the next loop iteration appends a new chunk to an object that is already invalid. With assertions enabled this aborts in jvp_string_ptr(). With assertions disabled, the invalid object is interpreted as a string object and ASan reports heap-buffer-overflow. This vulnerability is fixed in 1.8.2.