Search Results (358290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-42655 2026-06-15 7.5 High
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
CVE-2026-42411 2026-06-15 8.1 High
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
CVE-2026-40799 2026-06-15 5.8 Medium
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVE-2026-40792 2026-06-15 6.3 Medium
Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.
CVE-2026-48723 2026-06-15 7.8 High
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.
CVE-2026-40785 2026-06-15 7.1 High
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
CVE-2026-39527 2026-06-15 5.4 Medium
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
CVE-2026-39502 2026-06-15 9.3 Critical
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
CVE-2026-53523 1 Nezhahq 1 Nezha 2026-06-15 6.8 Medium
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header. This can result in host header injection. This issue has been patched in version 2.2.0.
CVE-2026-39450 2026-06-15 7.1 High
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
CVE-2026-25425 2026-06-15 7.5 High
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
CVE-2025-68840 2026-06-15 7.1 High
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
CVE-2026-52722 1 Redhat 1 Enterprise Linux 2026-06-15 7.1 High
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
CVE-2026-48114 2026-06-15 9.8 Critical
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity, allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
CVE-2016-20084 2026-06-15 7.2 High
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface.
CVE-2016-20078 2026-06-15 6.2 Medium
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.
CVE-2016-20073 2026-06-15 8.2 High
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
CVE-2016-20067 2026-06-15 4.3 Medium
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
CVE-2026-49061 2026-06-15 7.5 High
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
CVE-2026-48853 1 Elixir-grpc 1 Grpc 2026-06-15 N/A
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.