Export limit exceeded: 366574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 86894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86894 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12781 1 Easeus 1 Partition Master 2026-06-22 7.8 High
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
CVE-2026-30798 6 Apple, Google, Linux and 3 more 7 Iphone Os, Macos, Android and 4 more 2026-06-22 7.5 High
Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.8.
CVE-2026-30792 6 Apple, Google, Linux and 3 more 7 Iphone Os, Macos, Android and 4 more 2026-06-22 8.1 High
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8.
CVE-2026-30796 6 Apple, Linux, Microsoft and 3 more 6 Macos, Linux Kernel, Windows and 3 more 2026-06-22 7.5 High
Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book. This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password). This issue affects RustDesk Client: through 1.4.8.
CVE-2026-34895 2 Webgeniuslab, Wordpress 2 Softlab Core, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2026-39443 2 Presslayouts, Wordpress 2 Emallshop, Wordpress 2026-06-20 8.1 High
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-39446 2 Presslayouts, Wordpress 2 Kapee, Wordpress 2026-06-20 8.1 High
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-39548 2 Sneeit, Wordpress 2 Magone, Wordpress 2026-06-20 7.1 High
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
CVE-2026-40736 2 Edge-themes, Wordpress 2 Laurits, Wordpress 2026-06-20 8.1 High
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
CVE-2026-40760 2 Edge-themes, Wordpress 2 Behold, Wordpress 2026-06-20 8.1 High
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
CVE-2026-40761 2 Edge-themes, Wordpress 2 Valeska, Wordpress 2026-06-20 8.1 High
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
CVE-2026-49057 2 Eyecix Technologies, Wordpress 2 Jobsearch, Wordpress 2026-06-20 7.5 High
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
CVE-2026-49113 2 Themeco, Wordpress 2 Cornerstone, Wordpress 2026-06-20 8.5 High
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
CVE-2026-32966 1 Apache 1 Dolphinscheduler 2026-06-20 7.5 High
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2024-49269 2 Mythemes, Wordpress 2 My Flatonica, Wordpress 2026-06-20 7.1 High
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2025-59560 2 Sonaar Music, Wordpress 2 Sonaar, Wordpress 2026-06-20 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2025-59563 2 Sonaar Music, Wordpress 2 Sonaar, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-60223 2 Quantumcloud, Wordpress 2 Wpbot Pro Wordpress Chatbot, Wordpress 2026-06-20 7.7 High
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
CVE-2025-69110 2 Themerex, Wordpress 2 Airsupply, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
CVE-2025-69135 2 Curlythemes, Wordpress 2 Events Schedule - Wordpress Events Calendar Plugin, Wordpress 2026-06-20 8.5 High
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.