Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29007 | 1 U-boot | 1 U-boot | 2026-07-13 | 5.3 Medium |
| U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp_parse_options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt_win_scale and rmt_timestamp to disrupt TCP window calculations. | ||||
| CVE-2026-15079 | 1 Drupal | 1 Login Disable | 2026-07-13 | 5.4 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4. | ||||
| CVE-2008-4128 | 1 Cisco | 2 871 Integrated Services Router, Ios | 2026-07-13 | 4.3 Medium |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2026-52747 | 1 Modsecurity | 1 Modsecurity | 2026-07-13 | 8.6 High |
| ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16. | ||||
| CVE-2026-58590 | 1 Drupal | 1 Flowdrop | 2026-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | ||||
| CVE-2026-58589 | 1 Drupal | 1 Flowdrop | 2026-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | ||||
| CVE-2026-15508 | 1 Helicone | 1 Ai-gateway | 2026-07-13 | 6.3 Medium |
| A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted_path_and_query can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-7162 | 1 Winfsp | 1 Winfsp | 2026-07-13 | 7.8 High |
| Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. | ||||
| CVE-2026-11963 | 2026-07-13 | 8.1 High | ||
| The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change another user's WordPress role and membership tier. | ||||
| CVE-2026-11964 | 2026-07-13 | 9.1 Critical | ||
| The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without completing a real payment. | ||||
| CVE-2026-12271 | 2026-07-13 | 5.4 Medium | ||
| The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail result. | ||||
| CVE-2026-12273 | 2026-07-13 | 4.3 Medium | ||
| The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments containing arbitrary HTML and links on any content across the site, bypassing the comment moderation queue. | ||||
| CVE-2026-12274 | 2026-07-13 | 6.5 Medium | ||
| The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-level access to overwrite and take over any post or page on the site, including those owned by administrators. | ||||
| CVE-2026-12275 | 2026-07-13 | 7.1 High | ||
| The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or private courses without authorization, read private course content, and mark arbitrary courses as completed, on sites where the Droip or Kirki integration is active. | ||||
| CVE-2026-12396 | 2026-07-13 | 5.4 Medium | ||
| The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level (self-registerable) account to approve, feature, or reject arbitrary jobs, including those owned by other users. | ||||
| CVE-2026-11426 | 2026-07-13 | 6.5 Medium | ||
| The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the template_thumbnail parameter and copying their contents into a publicly accessible uploads file. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2026-7544 | 2 2coders, Wordpress | 2 Mux Video Uploader, Wordpress | 2026-07-13 | 4.3 Medium |
| The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials. | ||||
| CVE-2026-13353 | 2 Smackcoders, Wordpress | 2 Wp Ultimate Csv Importer – Wordpress Import & Export For Csv, Xml & Excel, Wordpress | 2026-07-13 | 8.8 High |
| The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated user who can load an admin page, allowing a Subscriber to install the Import WooCommerce add-on, persist attacker-controlled PHP expressions in the MappedFields parameter, and trigger evaluation via eval() in ImportHelpers::get_meta_values(). This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server. | ||||
| CVE-2026-9738 | 2 Printfriendly, Wordpress | 2 Print\, Pdf\, Email By Printfriendly, Wordpress | 2026-07-13 | 4.4 Medium |
| The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-14262 | 2 Nicu M, Wordpress | 2 Simple Jwt Login – Allows You To Use Jwt On Rest Endpoints., Wordpress | 2026-07-13 | 8.8 High |
| The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving any attacker-supplied identity claims such as `email`, `id`, or `username` intact and signed into the JWT with the site's HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator's email address into the `payload` parameter at the `/wp-json/simple-jwt-login/v1/auth` endpoint, then redeeming the resulting JWT at the `/autologin` endpoint to obtain a fully authenticated session as that administrator. | ||||