Export limit exceeded: 86067 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (86067 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57628 | 2 Wordpress, Wpallimport | 2 Wordpress, Wp All Import | 2026-06-29 | 7.6 High |
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-57645 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2026-06-29 | 8.1 High |
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57663 | 2 Really-simple-plugins, Wordpress | 2 Recipe Maker For Your Food Blog From Zip Recipes, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-21734 | 1 Imaginationtech | 1 Graphics Ddk | 2026-06-29 | 7.7 High |
| A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write. | ||||
| CVE-2026-5757 | 1 Ollama | 1 Ollama | 2026-06-29 | 7.5 High |
| Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. | ||||
| CVE-2026-45195 | 1 Imaginationtech | 1 Graphics Ddk | 2026-06-29 | 7.8 High |
| Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system. | ||||
| CVE-2026-52884 | 1 Notepad-plus-plus | 1 Notepad++ | 2026-06-29 | 7.8 High |
| Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths starting with trusted directory strings. A path traversal using ..\..\ after a trusted directory prefix passes the check while resolving to an untrusted location. The CVE-2026-48800 patch adds isInTrustedDirectory() validation in Command::run() (RunDlg.cpp) before calling ShellExecute(). This function checks whether the resolved executable path is under a trusted directory. This vulnerability is fixed in 8.9.6.2. | ||||
| CVE-2026-48778 | 1 Notepad-plus-plus | 1 Notepad++ | 2026-06-29 | 7.8 High |
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2023-37524 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2026-06-29 | 7.7 High |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerable third-party components. | ||||
| CVE-2026-49416 | 1 Freebsd | 1 Freebsd | 2026-06-29 | 7.8 High |
| The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges. | ||||
| CVE-2026-10820 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-06-29 | 8.1 High |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference. | ||||
| CVE-2026-8095 | 2 Najeebmedia, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-06-29 | 8.1 High |
| The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler, where supplying WPFM_DIR_PATH in uppercase evades the unset check and is normalized to wpfm_dir_path by sanitize_key() during update_post_meta(), allowing an attacker to overwrite the stored file path with an arbitrary filesystem path that is then passed directly to unlink() in delete_file_locally() without any directory containment validation. This makes it possible for authenticated attackers with Subscriber-level access to delete arbitrary files on the server, including sensitive files such as wp-config.php, potentially leading to full site takeover. | ||||
| CVE-2026-57346 | 2 Epiph, Wordpress | 2 Embed Privacy, Wordpress | 2026-06-29 | 7.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3. | ||||
| CVE-2025-63391 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-06-29 | 7.5 High |
| DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2026-9643 | 2 Joomunited, Wordpress | 2 Wp Meta Seo, Wordpress | 2026-06-29 | 7.2 High |
| The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it concatenates `$_SERVER['HTTP_HOST']` with the raw `$_SERVER['REQUEST_URI']` and inserts that value verbatim into the `wp_wpms_links.link_url` column via `$wpdb->insert()`. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute whenever an administrator views the plugin's 404 & Redirects admin page (`/wp-admin/admin.php?page=metaseo_broken_link`). | ||||
| CVE-2026-12077 | 2 Wedevs, Wordpress | 2 Dokan Pro, Wordpress | 2026-06-29 | 7.5 High |
| The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-40523 | 1 Frontaccounting | 1 Frontaccounting | 2026-06-29 | 8.1 High |
| FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM_2 and PARAM_3 POST parameters. Attackers can exploit time-based blind SQL injection through SLEEP() functions that are amplified across JOIN result sets to cause denial of service by exhausting database connections, or extract arbitrary database content through UNION-based injection techniques. | ||||
| CVE-2026-38641 | 1 Redox-os | 1 Relibc | 2026-06-29 | 7.5 High |
| An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library. | ||||
| CVE-2026-40522 | 1 Frontaccounting | 1 Frontaccounting | 2026-06-29 | 7.1 High |
| FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output. | ||||
| CVE-2026-13606 | 1 Graphicsmagick | 1 Graphicsmagick | 2026-06-29 | 8.1 High |
| A flaw was found in GraphicsMagick's Photo CD (PCD) decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior. | ||||