Export limit exceeded: 86097 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86097 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12348 1 The Browsercompany Of New York 1 Arcsearch 2026-06-26 7.4 High
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
CVE-2026-12256 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-39539 2 Edge-themes, Wordpress 2 Alloggio Hotel Booking, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-49073 2 Wordpress, Wpwax 2 Wordpress, Directorist 2026-06-26 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.
CVE-2026-39598 2 Kodezen, Wordpress 2 Academy Lms, Wordpress 2026-06-26 8 High
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
CVE-2026-8089 2 Wedevs, Wordpress 2 Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Ecommerce Email Optins, Wordpress 2026-06-26 7.1 High
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
CVE-2026-9690 2 Joomunited, Wordpress 2 Wp Media Folder, Wordpress 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2026-40721 2 Bdthemes, Wordpress 2 Element Pack, Wordpress 2026-06-26 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-42385 2 Cozmoslabs, Wordpress 2 Profile Builder, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-42629 2 Powerpackelements, Wordpress 2 Powerpack Addons For Elementor, Wordpress 2026-06-26 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-49778 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2025-69140 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54822 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-56053 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071 2 Wordpress, Wpmudev 2 Wordpress, Forminator Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-9099 1 Redhat 1 Build Keycloak 2026-06-26 7.7 High
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group. Because group permissions follow a hierarchical structure, this action unauthorizedly grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.
CVE-2026-56769 1 Hcengineering 1 Huly Platform 2026-06-26 8.5 High
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems.