Export limit exceeded: 364647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12936 | 2 Devitemsllc, Wordpress | 2 Recurio – Ultimate Subscription For Woocommerce, Wordpress | 2026-07-10 | 4.9 Medium |
| The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-14250 | 2 Themehunk, Wordpress | 2 Th Login Registration, Wordpress | 2026-07-10 | 6.3 Medium |
| The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and validating it only against get_editable_roles() — which returns every defined editable site role, including 'editor' — before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role. | ||||
| CVE-2025-14785 | 2 Seedprod, Wordpress | 2 Website Builder By Seedprod — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode, Wordpress | 2026-07-10 | 6.4 Medium |
| The Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `seedprodnestedmenuwidget` shortcode in all versions up to, and including, 6.20.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-8307 | 1 Webbeyaz Website Design | 1 Mediküm Web | 2026-07-10 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-8310 | 1 Webbeyaz Website Design | 1 Mediküm Web | 2026-07-10 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-8315 | 1 Webbeyaz Website Design | 1 Mediküm Web | 2026-07-10 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-12002 | 2 Smub, Wordpress | 2 Smash Balloon Social Photo Feed – Easy Social Feeds Plugin, Wordpress | 2026-07-10 | 4.7 Medium |
| The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybe_connection_data function. This makes it possible for unauthenticated attackers to overwrite the site's Instagram and Facebook oEmbed access tokens via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-6740 | 2 Posimyththemes, Wordpress | 2 Nexter Blocks – Gutenberg Blocks, Page Builder & Ai Website Builder, Wordpress | 2026-07-10 | 6.4 Medium |
| The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-22927 | 1 Omnissa | 1 Omnissa Workspace One Tunnel For Windows | 2026-07-10 | 7.8 High |
| Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-10708 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-10 | 7.5 High |
| This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application. | ||||
| CVE-2026-15062 | 1 Snowflake | 1 Snowpark Python Sdk | 2026-07-10 | 9.6 Critical |
| SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database column names to escalate privileges via the DataFrameReader.dbapi() API by supplying a specially crafted location parameter to DataFrameWriter write methods to redirect a COPY INTO to an arbitrary source query, or by including a backslash-single-quote sequence in an export path to defeat the normalize_path() sanitizer and inject SQL via DataFrame.to_csv(). Successful exploitation may result in source database compromise, unauthorized cross-tenant data exfiltration, or unauthorized read of Snowflake account data. | ||||
| CVE-2026-15067 | 1 Snowflake | 1 Terraform Provider For Snowflake | 2026-07-10 | 8.8 High |
| Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration and minting of long-lived access credentials. Exploitation requires the ability for an attacker to influence a workspace variable in a pipeline where this data source was enabled. Improper neutralization of identifier content in user resource inputs could allow DDL injection into user management statements, potentially causing accounts to be created with attacker-controlled credentials and without the security controls configured by the operator. The fix is available in Snowflake Terraform Provider version 2.18.0. Users must manually upgrade. | ||||
| CVE-2026-49145 | 1 Petdance | 1 App::ack | 2026-07-10 | 7.5 High |
| App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-from, so a project .ackrc can set it to a path whose listed files ack then reads and searches. Version 3.10.0 added --follow to the blocklist; --files-from remains accepted. A project .ackrc committed to an untrusted repository can make ack read files outside the project and print their matching lines. | ||||
| CVE-2026-59703 | 1 Repomix | 1 Repomix | 2026-07-10 | 7.5 High |
| repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file:// scheme URLs that bypass validation and are passed directly to git clone, enabling unauthorized access to all tracked file contents on the server filesystem. | ||||
| CVE-2026-49146 | 1 Petdance | 1 App::ack | 2026-07-10 | 7.5 High |
| App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack sized the before-context buffer to that value, so a project .ackrc setting --before-context=100000000 made ack allocate a buffer of 100 million elements. A project .ackrc committed to an untrusted repository can abort ack with an out-of-memory condition. | ||||
| CVE-2026-49147 | 1 Petdance | 1 App::ack | 2026-07-10 | 7.5 High |
| App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a _safe_filename helper that sanitises the filenames printed by -f, -g, the colored match heading, and per-match lines, but the --show-types, -l/-L, and -c paths still emit the raw filename. A file whose name embeds cursor-movement or color escapes can overwrite or recolor earlier terminal output, or be passed unchanged to a downstream consumer. | ||||
| CVE-2026-59702 | 1 Repomix | 1 Repomix | 2026-07-10 | 9.3 Critical |
| repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths. | ||||
| CVE-2026-59262 | 1 Affine | 1 Monorepo | 2026-07-10 | 6.5 Medium |
| AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to. | ||||
| CVE-2026-59887 | 1 Markdown-it | 1 Linkify-it | 2026-07-10 | 7.5 High |
| linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user text. This issue is fixed in version 5.0.2. | ||||
| CVE-2026-29007 | 1 U-boot | 1 U-boot | 2026-07-10 | 5.3 Medium |
| U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp_parse_options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt_win_scale and rmt_timestamp to disrupt TCP window calculations. | ||||