Search
Search Results (84349 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42649 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions. | ||||
| CVE-2026-42650 | 2026-06-16 | 7.2 High | ||
| Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions. | ||||
| CVE-2026-42666 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-42668 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. | ||||
| CVE-2026-42686 | 2026-06-16 | 7.1 High | ||
| Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-42687 | 2026-06-16 | 8.1 High | ||
| Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-48889 | 2026-06-16 | 8.8 High | ||
| Subscriber Privilege Escalation in Amelia <= 2.3 versions. | ||||
| CVE-2026-48966 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | ||||
| CVE-2026-49055 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | ||||
| CVE-2026-49063 | 2026-06-16 | 7.3 High | ||
| Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | ||||
| CVE-2026-49066 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. | ||||
| CVE-2026-49078 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | ||||
| CVE-2026-49082 | 2026-06-16 | 7.4 High | ||
| Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. | ||||
| CVE-2026-49780 | 2026-06-16 | 8.8 High | ||
| Customer Privilege Escalation in Dokan <= 5.0.2 versions. | ||||
| CVE-2026-52692 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||||
| CVE-2026-52694 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||||
| CVE-2026-52695 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||||
| CVE-2026-52699 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | ||||
| CVE-2026-52700 | 2026-06-16 | 8.5 High | ||
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | ||||
| CVE-2026-53831 | 1 Openclaw | 1 Openclaw | 2026-06-16 | 8.3 High |
| OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data. | ||||