Export limit exceeded: 362653 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57341 2 Colissimo, Wordpress 2 Colissimo Officiel : Méthodes De Livraison Pour Woocommerce, Wordpress 2026-07-01 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.
CVE-2026-27435 2026-07-01 5.3 Medium
Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33.
CVE-2026-11880 2026-07-01 3.1 Low
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.
CVE-2026-14030 1 Google 1 Chrome 2026-07-01 4.2 Medium
Inappropriate implementation in SplitView in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-36848 1 Gigamon 1 Gigavue-os 2026-07-01 7.5 High
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
CVE-2026-57919 1 Matrix42 1 Empirum 2026-07-01 7.8 High
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.
CVE-2026-51218 1 Davenardella 1 Snap7 2026-07-01 6.5 Medium
A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2026-31016 1 Squidex.io 1 Squidex 2026-07-01 6.5 Medium
Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint
CVE-2026-37637 1 Alexantr 1 Filemanager 2026-07-01 9.1 Critical
An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component
CVE-2026-12856 1 Redhat 2 Openshift Dev Spaces, Openshift Devspaces 2026-07-01 8.8 High
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands, which can lead to full system compromise in trusted workspaces.
CVE-2026-57326 2 Strategy11team, Wordpress 2 Business Directory Plugin, Wordpress 2026-07-01 6.5 Medium
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
CVE-2026-57328 2 Strategy11team, Wordpress 2 Business Directory Plugin, Wordpress 2026-07-01 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
CVE-2026-57330 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-07-01 6.5 Medium
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
CVE-2026-57331 2 Videowhisper.com, Wordpress 2 Paid Videochat Turnkey Site, Wordpress 2026-07-01 9.9 Critical
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
CVE-2026-56124 1 Shimosyan 1 Phpuploader 2026-07-01 7.5 High
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
CVE-2026-56290 1 Joomlack 1 Page Builder Ck Extension For Joomla 2026-07-01 N/A
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-49049 1 Joomshaper 1 Helix3 Extension For Joomla 2026-07-01 7.5 High
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
CVE-2026-13742 1 Honeywell Technologies 1 Iq Multiaccess 2026-07-01 N/A
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating to the most recent version of this product, service, or offering [V27 SP1, V28 SP1]
CVE-2026-13744 1 Snowflake 1 Snowflake Cli 2026-07-01 8.3 High
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges assigned to that session. The fix is available in Snowflake CLI version 3.19. Users must manually upgrade.
CVE-2026-13746 1 Snowflake 1 Snowflake Cli 2026-07-01 3.6 Low
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the context of that user's Snowflake session. Successful exploitation is constrained to self-injection because the vulnerable parameters were supplied directly through local CLI arguments rather than through project files, repositories, or other external input sources, and impact is limited to the privileges already available to the current session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.