Search
Search Results (46717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30476 | 1 Dell | 1 Powerstore | 2026-06-16 | 5.4 Medium |
| PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser. | ||||
| CVE-2026-39449 | 2 Itpathsolutions, Wordpress | 2 Contact Form To Any Api, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions. | ||||
| CVE-2025-68872 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | ||||
| CVE-2026-39435 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions. | ||||
| CVE-2026-39463 | 2 Managewp, Wordpress | 2 Managewp Worker, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions. | ||||
| CVE-2026-39507 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||
| CVE-2026-40770 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. | ||||
| CVE-2026-42663 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 6.5 Medium |
| Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions. | ||||
| CVE-2026-48867 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. | ||||
| CVE-2026-54198 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | ||||
| CVE-2026-54191 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | ||||
| CVE-2026-39437 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | ||||
| CVE-2026-39540 | 2026-06-16 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions. | ||||
| CVE-2026-48880 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. | ||||
| CVE-2026-48871 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | ||||
| CVE-2025-68851 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. | ||||
| CVE-2026-39451 | 2 Jgwhite33, Wordpress | 2 Wp Google Review Slider, Wordpress | 2026-06-16 | 6.3 Medium |
| Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions. | ||||
| CVE-2026-39491 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions. | ||||
| CVE-2026-48870 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. | ||||
| CVE-2026-53473 | 1 Kubev2v | 2 Migration-planner-ui-app, Migration Planner Ui | 2026-06-16 | 7.3 High |
| A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions. | ||||