Export limit exceeded: 366877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 86993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86993 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-41723 1 Vmware 5 Aria Operations, Cloud Foundation, Telco Cloud Platform and 2 more 2026-06-16 8 High
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-42661 2 Aguilatechnologies, Wordpress 2 Wp Customer Area, Wordpress 2026-06-16 8.8 High
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
CVE-2026-40732 2 Rainafarai, Wordpress 2 Notification For Telegram, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVE-2026-45998 1 Linux 1 Linux Kernel 2026-06-16 7.8 High
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the call to trace_rxrpc_rx_done() to oops. Fix this by moving the unsharing down to where rxrpc_input_call_event() calls rxrpc_input_call_packet(). There are a number of places prior to that where we ignore DATA packets for a variety of reasons (such as the call already being complete) for which an unshare is then avoided. And with that, rxrpc_input_packet() doesn't need to take a pointer to the pointer to the packet, so change that to just a pointer.
CVE-2026-53811 1 Openclaw 1 Openclaw 2026-06-16 8.8 High
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.
CVE-2026-48838 2 Wordpress, Wpexperts 2 Wordpress, Post Smtp 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
CVE-2026-47261 1 Bytecodealliance 1 Wasmtime 2026-06-16 7.5 High
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and44.0.2.
CVE-2025-59133 2 Projectopia, Wordpress 2 Projectopia, Wordpress 2026-06-16 7.5 High
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
CVE-2026-27089 2 Magepeople, Wordpress 2 Wptravelly, Wordpress 2026-06-16 7.5 High
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
CVE-2026-39490 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-39581 2 Activity-log.com, Wordpress 2 Wp Sessions Time Monitoring Full Automatic, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-48885 2 Groundhogg, Wordpress 2 Hollerbox, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-48882 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
CVE-2026-49056 2 Webtoffee, Wordpress 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVE-2026-49068 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.5 High
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49083 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-06-16 7.5 High
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2026-48964 2 Elextensions, Wordpress 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVE-2026-48970 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-06-16 8.1 High
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-52697 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.