Export limit exceeded: 363023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363023 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11590 2 Wordpress, Wpsupportplus 2 Wordpress, Wp Support Plus Responsive Ticket System 2026-07-01 8.6 High
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
CVE-2026-56809 1 Ricoh 1 Multiple Laser Printers And Mfps Which Implement Web Image Monitor 2026-07-01 N/A
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.
CVE-2025-5278 1 Redhat 5 Discovery, Enterprise Linux, Insights Proxy and 2 more 2026-07-01 4.4 Medium
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
CVE-2026-56024 2 Saad Iqbal, Wordpress 2 Wp Easypay, Wordpress 2026-07-01 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0.
CVE-2026-50734 1 Apache 2 Activemq, Activemq All 2026-07-01 7.5 High
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
CVE-2026-6556 1 Fastify 1 Fastify-express 2026-07-01 9.1 Critical
@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressions) are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms does not match the actual prefixed request path. Applications that use path-scoped middleware for authentication, authorization, rate limiting, or auditing on routes inside a prefixed scope can be bypassed by sending a request to the prefixed route, because Fastify still matches the route but the middleware is skipped. Patches: upgrade to @fastify/express 4.0.7. Workarounds: use string mount paths instead of arrays or regular expressions in prefixed plugins, or register one use call per path.
CVE-2026-56333 1 Cap-go 1 Cap-go 2026-07-01 4.3 Medium
Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser, circumventing field-level validation checks for max_apikey_expiration_days and other security-sensitive configuration parameters.
CVE-2026-13964 1 Google 1 Chrome 2026-07-01 N/A
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13860 1 Google 1 Chrome 2026-07-01 4.2 Medium
Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13914 1 Google 1 Chrome 2026-07-01 5.5 Medium
Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
CVE-2026-13933 1 Google 1 Chrome 2026-07-01 5.3 Medium
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13956 1 Google 1 Chrome 2026-07-01 4.2 Medium
Incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-58376 1 Dolibarr 2 Dolibarr Erp\/crm, Erp Crm 2026-07-01 7.6 High
Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictionary and multicurrencies REST API endpoints. The affected endpoints in api_setup.class.php and api_multicurrencies.class.php validate sqlfilters only for balanced parentheses and rewrite matched triplets, allowing text placed outside the expected shape such as an appended UNION SELECT to be concatenated into the SQL WHERE clause unmodified, enabling retrieval of sensitive data including password hashes and API keys.
CVE-2026-12026 1 Google 2 Chrome, Chrome Os 2026-07-01 5.3 Medium
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-43713 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data.
CVE-2026-43724 1 Apple 2 Ios And Ipados, Macos 2026-06-30 7.8 High
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory.
CVE-2026-43721 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data.
CVE-2026-43701 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 7.1 High
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
CVE-2026-48282 1 Adobe 1 Coldfusion 2026-06-30 10 Critical
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-14241 1 Mozilla 1 Firefox 2026-06-30 N/A
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4.