Export limit exceeded: 361493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57648 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-06-26 | 4.3 Medium |
| Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | ||||
| CVE-2026-57650 | 2 Blockart, Wordpress | 2 Magazine Blocks, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | ||||
| CVE-2026-57658 | 2 Templatespare, Wordpress | 2 Templatespare, Wordpress | 2026-06-26 | 9.1 Critical |
| Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | ||||
| CVE-2026-57662 | 2 Wasiliy Strecker, Wordpress | 2 Contest Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | ||||
| CVE-2026-30041 | 1 Faststone | 1 Image Viewer | 2026-06-26 | 7.5 High |
| An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file. | ||||
| CVE-2026-54826 | 2 Psm Plugins, Wordpress | 2 Supportcandy, Wordpress | 2026-06-26 | 7.6 High |
| Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions. | ||||
| CVE-2026-54831 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | ||||
| CVE-2026-56041 | 2 Dfactory, Wordpress | 2 Responsive Lightbox, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions. | ||||
| CVE-2026-56058 | 2 Themecatcher, Wordpress | 2 Quform, Wordpress | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions. | ||||
| CVE-2026-56066 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-06-26 | 5.8 Medium |
| Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions. | ||||
| CVE-2026-48770 | 2026-06-26 | 5 Medium | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.cbData. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2026-48778 | 2026-06-26 | 7.8 High | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2026-57620 | 2026-06-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8. | ||||
| CVE-2025-66123 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2026-24547 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | ||||
| CVE-2026-54827 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-52885 | 2026-06-26 | N/A | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires (Time-of-Check). However, the command payload is taken from the in-memory _userCommands vector, which is populated at application startup and never re-synchronized with the on-disk file (Time-of-Use). Swapping shortcuts.xml between startup and command execution causes the HMAC check to validate a clean file while a malicious command runs. An attacker with write access to shortcuts.xml places a malicious version on disk before launch, then immediately restores the legitimate file. The HMAC check at execution time validates the restored legitimate file (check passes), while the malicious payload executes from memory. This vulnerability is fixed in 8.9.6.4. | ||||
| CVE-2026-54837 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | ||||
| CVE-2026-56010 | 2 Tychesoftwares, Wordpress | 2 Abandoned Cart Pro For Woocommerce, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | ||||
| CVE-2026-56029 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions. | ||||