Export limit exceeded: 85109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85109 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56043 2 Cusrev, Wordpress 2 Customer Reviews For Woocommerce, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56055 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-56072 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-57312 2 Wordpress, Wpeverest 2 Wordpress, Everest Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
CVE-2026-57317 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
CVE-2026-57319 2 Realmag777, Wordpress 2 Fox, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVE-2026-37454 1 Msi 1 Nbfoundation Service 2026-06-26 7.5 High
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption
CVE-2025-68052 2 Eagle-themes, Wordpress 2 Eagle Booking, Wordpress 2026-06-26 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
CVE-2026-56044 2 Adenion, Wordpress 2 Blog2social, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
CVE-2026-56045 2 Valvepress, Wordpress 2 Automatic, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
CVE-2026-46602 1 Golang 1 Image 2026-06-26 7.5 High
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
CVE-2026-57915 1 Apache 1 Kerby 2026-06-26 7.3 High
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
CVE-2026-56060 2 Tychesoftwares, Wordpress 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
CVE-2026-54013 1 Open-webui 1 Open-webui 2026-06-26 7.6 High
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no validate_profile_image_url field validator, and the model image serving endpoint has no MIME allowlist or nosniff header. Any authenticated user with workspace.models permission (enabled by default) can store a data:image/svg+xml;base64,... payload in a model's profile image and achieve full account takeover of anyone who navigates to the image URL. This vulnerability is fixed in 0.9.6.
CVE-2026-54847 2 Design, Wordpress 2 Stylish Cost Calculator, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
CVE-2026-56011 2 Chrisrichardson, Wordpress 2 Mappress Maps For Wordpress, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
CVE-2026-54317 1 Home-assistant 1 Core 2026-06-26 7.6 High
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView (homeassistant/components/konnected/__init__.py), that is marked as not requiring authentication (requires_auth = False). A comment next to that line says auth is instead handled "via the access token from configuration." That promise is only half true. Write requests (POST and PUT) are handled by update_sensor(), which does check the request's Authorization: Bearer <token> header against the integration's stored access tokens (using hmac.compare_digest). Read requests (GET) are handled by a separate get() method that has no authentication check at all. This vulnerability is fixed in 2026.6.0.
CVE-2026-38637 1 Redox-os 1 Relibc 2026-06-26 7.5 High
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-45257 1 Freebsd 1 Freebsd 2026-06-26 7.8 High
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data. An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system.
CVE-2026-45687 1 Rocketchat 1 Rocket.chat 2026-06-26 8.5 High
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it directly into a MongoDB $set update via Object.assign. There is no allow-list of writable fields. An attacker can therefore rewrite any column on their own upload record, notably store and the store-specific path fields. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11.