Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57325 | 2 Jellywp, Wordpress | 2 Nanomag, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | ||||
| CVE-2026-57430 | 2 Seopress Free, Wordpress | 2 Seopress Pro, Wordpress | 2026-06-29 | 4.3 Medium |
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. | ||||
| CVE-2026-57618 | 2 Themeisle, Wordpress | 2 Neve Pro, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. | ||||
| CVE-2026-57627 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-06-29 | 4.9 Medium |
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | ||||
| CVE-2026-57633 | 2 Wcboost, Wordpress | 2 Wcboost – Products Compare, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | ||||
| CVE-2026-57635 | 2 Funnelkit, Wordpress | 2 Funnelkit Payment Gateway For Stripe Woocommerce, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. | ||||
| CVE-2026-57638 | 2 Wordpress, Wpmanageninja | 2 Wordpress, Fluent Booking | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | ||||
| CVE-2026-57644 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-57647 | 2 Bplugins, Wordpress | 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | ||||
| CVE-2026-57651 | 2 Nk, Wordpress | 2 Ghost Kit, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | ||||
| CVE-2026-57655 | 2 Jay Versluis, Wordpress | 2 Child Theme Wizard, Wordpress | 2026-06-29 | 8.2 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-57656 | 2 Peregrinethemes, Wordpress | 2 Hester Core, Wordpress | 2026-06-29 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-57657 | 2 Noor Alam, Wordpress | 2 Gmail Smtp, Wordpress | 2026-06-29 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | ||||
| CVE-2026-57659 | 2 Stranger Studios, Wordpress | 2 Paid Memberships Pro - Add Member From Admin, Wordpress | 2026-06-29 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57664 | 2 Villatheme, Wordpress | 2 Bopo – Woocommerce Product Bundle Builder, Wordpress | 2026-06-29 | 4.3 Medium |
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | ||||
| CVE-2026-57665 | 2 Gravitykit, Wordpress | 2 Gravityview, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57667 | 2 Adrian Tobey, Wordpress | 2 Groundhogg, Wordpress | 2026-06-29 | 8.5 High |
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | ||||
| CVE-2025-11919 | 1 Wolfram Research | 1 Cloud | 2026-06-29 | 9.6 Critical |
| The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code. | ||||
| CVE-2023-20540 | 1 Amd | 5 Ryzen 3000 Series Desktop Processors, Ryzen 5000 Series Desktop Processors, Ryzen Threadripper 3000 Series Processors and 2 more | 2026-06-29 | N/A |
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. | ||||
| CVE-2026-0685 | 1 Edgewall | 1 Genshi | 2026-06-29 | 9.8 Critical |
| Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions. | ||||