Export limit exceeded: 358335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358335 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49078 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | ||||
| CVE-2026-49082 | 2026-06-16 | 7.4 High | ||
| Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. | ||||
| CVE-2026-49770 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||||
| CVE-2026-49775 | 2026-06-16 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-49776 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-49780 | 2026-06-16 | 8.8 High | ||
| Customer Privilege Escalation in Dokan <= 5.0.2 versions. | ||||
| CVE-2026-46061 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2_journal_cancel_revoke() Commit f76d4c28a46a ("fs/jbd2: use sleeping version of __find_get_block()") changed jbd2_journal_cancel_revoke() to use __find_get_block_nonatomic() which holds the folio lock instead of i_private_lock. This breaks the lock ordering (folio -> buffer) and causes an ABBA deadlock when the filesystem blocksize < pagesize: T1 T2 ext4_mkdir() ext4_init_new_dir() ext4_append() ext4_getblk() lock_buffer() <- A sync_blockdev() blkdev_writepages() writeback_iter() writeback_get_folio() folio_lock() <- B ext4_journal_get_create_access() jbd2_journal_cancel_revoke() __find_get_block_nonatomic() folio_lock() <- B block_write_full_folio() lock_buffer() <- A This can occasionally cause generic/013 to hang. Fix by only calling __find_get_block_nonatomic() when the passed buffer_head doesn't belong to the bdev, which is the only case that we need to look up its bdev alias. Otherwise, the lookup is redundant since the found buffer_head is equal to the one we passed in. | ||||
| CVE-2026-52692 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||||
| CVE-2026-52694 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||||
| CVE-2026-52695 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||||
| CVE-2026-52699 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | ||||
| CVE-2026-46060 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adf_dev_up() partially completes and then fails, the IRQ handlers registered during adf_isr_resource_alloc() are not detached before the MSI-X vectors are released. Since the device is enabled with pcim_enable_device(), calling pci_alloc_irq_vectors() internally registers pcim_msi_release() as a devres action. On probe failure, devres runs pcim_msi_release() which calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ handlers (for example 'qat0-bundle0') are still attached. This causes remove_proc_entry() warnings: [ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0' Moving the devm_add_action_or_reset() before adf_dev_up() does not solve the problem since devres runs in LIFO order and pcim_msi_release(), registered later inside adf_dev_up(), would still fire before adf_device_down(). Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to properly free IRQ handlers before devres releases the MSI-X vectors. | ||||
| CVE-2026-46059 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before running it. KVM uses the current RIP as the NextRIP in vmcb02 to emulate a CPU without NRIPS. However, after L2 runs the first time, NextRIP will be updated by the CPU and/or KVM, and the current RIP is no longer the correct value to use in vmcb02. Hence, after save/restore, use the current RIP if and only if a nested run is pending, otherwise use NextRIP. Give soft_int_next_rip the same treatment, as it's the same logic, just for a narrower use case. [sean: give soft_int_next_rip the same treatment] | ||||
| CVE-2026-52703 | 2026-06-16 | 9.6 Critical | ||
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | ||||
| CVE-2026-52700 | 2026-06-16 | 8.5 High | ||
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | ||||
| CVE-2026-53831 | 1 Openclaw | 1 Openclaw | 2026-06-16 | 8.3 High |
| OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data. | ||||
| CVE-2026-53833 | 2 Openclaw, Qqbot | 2 Openclaw, Qqbot | 2026-06-16 | 7.7 High |
| OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements. | ||||
| CVE-2026-12087 | 2026-06-16 | 5.3 Medium | ||
| Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure. | ||||
| CVE-2026-46690 | 1 Spearman | 1 Unbounded-spsc | 2026-06-16 | 5.8 Medium |
| unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-9262 | 2026-06-15 | 6.5 Medium | ||
| Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||