Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351143 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8425 | 2 Pektsekye, Wordpress | 2 Notify Odoo, Wordpress | 2026-05-15 | 4.3 Medium |
| The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to an attacker-controlled URL and modify notification, tracking image, and allowed IP address settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-41965 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.6 Medium |
| Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41962 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 3.6 Low |
| Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-0044 | 1 Amd | 8 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro W7000 Series, Radeon Rx 7000 Series and 5 more | 2026-05-15 | N/A |
| An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | ||||
| CVE-2026-4094 | 2 Realmag777, Wordpress | 2 Fox – Currency Switcher Professional For Woocommerce, Wordpress | 2026-05-15 | 8.1 High |
| The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete the entire multi-currency configuration by visiting any wp-admin page with the `woocs_reset` parameter appended. Additionally, because no nonce is verified, this is also exploitable via Cross-Site Request Forgery against any administrator. The vulnerability may also be exploited by Subscriber-level users if the site is configured to allow Subscriber access to 'wp-admin' pages. | ||||
| CVE-2026-44661 | 2026-05-15 | 4.7 Medium | ||
| python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / loopback allowlist, but call_tool() and call_tool_streaming() reuse the resolved tool_call_template.url directly without revalidating, and the OpenAPI converter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the OpenAPI converter then produces tools whose URL points at internal services on the agent host. All three HTTP-class protocols (utcp_http.http, utcp_http.streamable_http, utcp_http.sse) shared the same gap. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-45370 | 2026-05-15 | 7.7 High | ||
| python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-44700 | 2026-05-15 | N/A | ||
| Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1. | ||||
| CVE-2026-4031 | 2 Wordpress, Wpengine | 2 Wordpress, Database Backup For Wordpress | 2026-05-15 | 7.5 High |
| The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name based on the database name, table prefix, date, and Swatch Internet Time, making interception reliable. Successful exploitation leads to Sensitive Information Exposure including database credentials, user password hashes, and personally identifiable information. This vulnerability requires that the site administrator has configured scheduled backups. | ||||
| CVE-2025-54511 | 2026-05-15 | N/A | ||
| Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability. | ||||
| CVE-2026-4030 | 2 Wordpress, Wpengine | 2 Wordpress, Database Backup For Wordpress | 2026-05-15 | 8.1 High |
| The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup directory parameter. This makes it possible for unauthenticated attackers to read and delete arbitrary files on the server, leading to Sensitive Information Exposure and potential site takeover. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists. | ||||
| CVE-2026-4029 | 2 Wordpress, Wpengine | 2 Wordpress, Database Backup For Wordpress | 2026-05-15 | 7.5 High |
| The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists. | ||||
| CVE-2026-21730 | 1 Verint | 1 Verba | 2026-05-15 | N/A |
| Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer. The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6 | ||||
| CVE-2026-44482 | 1 Richardhbtz | 1 Soundcloud-rpc | 2026-05-15 | 9.6 Critical |
| soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on the user's machine. The application exposes a preload API (window.soundcloudAPI.sendTrackUpdate) to the remote SoundCloud page. Track metadata from SoundCloud is trusted and forwarded through IPC into the Electron main process. The app later renders that metadata as raw HTML inside privileged Electron views that have Node.js integration enabled. This vulnerability is fixed in 0.1.8. | ||||
| CVE-2026-42881 | 1 Squinky86 | 1 Stigqter | 2026-05-15 | N/A |
| STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the "Export HTML" action. This vulnerability is fixed in 1.2.7. | ||||
| CVE-2026-42281 | 1 Magicmirrororg | 1 Magicmirror | 2026-05-15 | N/A |
| MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0. | ||||
| CVE-2026-6923 | 1 Nuvoton | 1 Npct7xx | 2026-05-15 | 3.8 Low |
| A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | ||||
| CVE-2026-44312 | 1 Premailer | 1 Css Parser | 2026-05-15 | 5.8 Medium |
| css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning any HTTPS certificate—even entirely untrusted—will be accepted without validation. This vulnerability is fixed in 2.1.0 and 1.22.0. | ||||
| CVE-2026-44511 | 1 Katalyst | 1 Koi | 2026-05-15 | 7.4 High |
| Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This vulnerability is fixed in 4.20.0 and 5.6.0. | ||||
| CVE-2026-42572 | 1 Hatchet-dev | 1 Hatchet | 2026-05-15 | 5.3 Medium |
| Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This vulnerability is fixed in 0.83.39. | ||||