Export limit exceeded: 360139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360139 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69131 | 2 Extendons, Wordpress | 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69136 | 2 Themelogi, Wordpress | 2 Wanium, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. | ||||
| CVE-2025-69137 | 2 Jthemes, Wordpress | 2 Genemy, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2025-69141 | 2 Themerex, Wordpress | 2 Kelly Young, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. | ||||
| CVE-2025-69149 | 2 Themerex, Wordpress | 2 Top Dog, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions. | ||||
| CVE-2025-69177 | 2 Themelogi, Wordpress | 2 Roneous, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. | ||||
| CVE-2025-69178 | 2 Cactusthemes, Wordpress | 2 Truemag, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | ||||
| CVE-2026-27429 | 2 Boldthemes, Wordpress | 2 Nifty, Wordpress | 2026-06-23 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | ||||
| CVE-2026-34893 | 2 Webgeniuslab, Wordpress | 2 Thegov Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | ||||
| CVE-2026-34894 | 2 Webgeniuslab, Wordpress | 2 Integrio Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | ||||
| CVE-2026-56346 | 2 Avideo, Wwbn | 2 Avideo, Avideo | 2026-06-23 | 6.5 Medium |
| AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks. | ||||
| CVE-2026-56120 | 2026-06-23 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784. | ||||
| CVE-2026-56236 | 1 Capgo | 1 Cli | 2026-06-23 | 6.1 Medium |
| Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI. | ||||
| CVE-2026-56265 | 1 Crawl4ai | 1 Crawl4ai | 2026-06-23 | 9.8 Critical |
| Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality. | ||||
| CVE-2026-11745 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories. | ||||
| CVE-2026-11746 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster. | ||||
| CVE-2026-11748 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure. | ||||
| CVE-2026-6645 | 1 Papercut | 1 Print Deploy | 2026-06-23 | N/A |
| An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference. Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host. | ||||
| CVE-2025-4994 | 1 Safeline | 1 Safeline Sl6/sl6+ | 2026-06-23 | N/A |
| The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration. | ||||
| CVE-2026-11373 | 1 Jasei | 1 Net::statsite::client | 2026-06-23 | 9.1 Critical |
| Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections. | ||||