Export limit exceeded: 80793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80793 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5371 | 2 Chriscct7, Wordpress | 2 Monsterinsights – Google Analytics Dashboard For Wordpress (website Stats Made Easy), Wordpress | 2026-05-13 | 7.1 High |
| The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration. | ||||
| CVE-2026-1250 | 2 Webmuehle, Wordpress | 2 Court Reservation – Manage Your Court Bookings Online, Wordpress | 2026-05-13 | 7.5 High |
| The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-7635 | 2 Gdragon, Wordpress | 2 Coreactivity: Activity Logging For Wordpress, Wordpress | 2026-05-13 | 8.1 High |
| The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta table, and subsequently calling `maybe_unserialize()` on every retrieved `meta_value` in `query_metas()` without verifying the data was originally serialized by the application. This makes it possible for unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header during any logged event (such as a failed login attempt), which, when an administrator views the Logs page, is deserialized and passed to `DeviceDetector::setUserAgent()`, triggering a Fatal TypeError that creates a persistent Denial of Service condition blocking administrator access to the Logs page entirely. | ||||
| CVE-2026-6929 | 2 Beardev, Wordpress | 2 Joomsport – For Sports: Team & League, Football, Hockey & More, Wordpress | 2026-05-13 | 7.5 High |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-33862 | 1 Siemens | 1 Teamcenter | 2026-05-13 | 7.3 High |
| A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page. | ||||
| CVE-2026-33893 | 1 Siemens | 1 Teamcenter | 2026-05-13 | 7.5 High |
| A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access. | ||||
| CVE-2026-2465 | 1 E-kalite Software Hardware Engineering Design And Internet Services Industry And Trade Ltd. Co. | 1 Turboard | 2026-05-13 | 8.8 High |
| Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affects Turboard FOR-S: from 7.01.2026 before 18.02.2026. | ||||
| CVE-2026-41107 | 1 Microsoft | 1 Edge Chromium | 2026-05-13 | 7.4 High |
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-33833 | 1 Microsoft | 1 Azure Machine Learning | 2026-05-13 | 8.2 High |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-40401 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.1 High |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. | ||||
| CVE-2026-42893 | 1 Microsoft | 1 Outlook | 2026-05-13 | 7.4 High |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-32204 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-05-13 | 7.8 High |
| External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40366 | 1 Microsoft | 7 365 Apps, Office 2019, Office 2021 and 4 more | 2026-05-13 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40407 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40408 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40410 | 1 Microsoft | 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more | 2026-05-13 | 7 High |
| Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40415 | 1 Microsoft | 21 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 18 more | 2026-05-13 | 8.1 High |
| Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40419 | 1 Microsoft | 4 365 Apps, Office 2019, Office 2021 and 1 more | 2026-05-13 | 7.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41088 | 1 Microsoft | 18 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 15 more | 2026-05-13 | 7.8 High |
| External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41101 | 1 Microsoft | 2 Word, Word For Android | 2026-05-13 | 7.1 High |
| Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | ||||