Export limit exceeded: 361493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56035 | 2026-06-26 | 8.6 High | ||
| Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions. | ||||
| CVE-2026-56043 | 2 Cusrev, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions. | ||||
| CVE-2026-56055 | 2 Inspirythemes, Wordpress | 2 Realhomes, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions. | ||||
| CVE-2026-56062 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | ||||
| CVE-2026-56069 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. | ||||
| CVE-2026-57315 | 2026-06-26 | 8.5 High | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. | ||||
| CVE-2026-57617 | 2 Seedprod Llc, Wordpress | 2 Seedprod Pro, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions. | ||||
| CVE-2026-57630 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | ||||
| CVE-2026-46710 | 2026-06-26 | N/A | ||
| Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6. | ||||
| CVE-2026-57649 | 2026-06-26 | 4.3 Medium | ||
| Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | ||||
| CVE-2026-57655 | 2026-06-26 | 8.2 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-56070 | 2 Themehunk, Wordpress | 2 Advance Product Search, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | ||||
| CVE-2026-56072 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions. | ||||
| CVE-2026-57312 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions. | ||||
| CVE-2026-57313 | 2 Surecart, Wordpress | 2 Surecart, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions. | ||||
| CVE-2026-57317 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions. | ||||
| CVE-2026-57319 | 2 Realmag777, Wordpress | 2 Fox, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions. | ||||
| CVE-2026-57324 | 2 Villatheme, Wordpress | 2 Gift4u, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions. | ||||
| CVE-2026-48800 | 2026-06-26 | 7.8 High | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUserCmds() function and stored in UserCommand._cmd without any validation. When the user clicks the corresponding entry in the Run menu, NppCommands.cpp:4264 creates a Command object with string2wstring(ucmd.getCmd()) and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. The injected command appears as a normal menu item in the Run menu, making it a viable persistence mechanism. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2026-52884 | 2026-06-26 | 7.8 High | ||
| Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths starting with trusted directory strings. A path traversal using ..\..\ after a trusted directory prefix passes the check while resolving to an untrusted location. The CVE-2026-48800 patch adds isInTrustedDirectory() validation in Command::run() (RunDlg.cpp) before calling ShellExecute(). This function checks whether the resolved executable path is under a trusted directory. This vulnerability is fixed in 8.9.6.2. | ||||