Export limit exceeded: 361552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64636 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-68074 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||
| CVE-2026-56040 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. | ||||
| CVE-2026-56047 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. | ||||
| CVE-2026-57878 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-56067 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | ||||
| CVE-2026-57877 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 8.6 High |
| An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service. | ||||
| CVE-2026-56033 | 2026-06-26 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. | ||||
| CVE-2026-57430 | 2026-06-26 | 4.3 Medium | ||
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. | ||||
| CVE-2026-57628 | 2026-06-26 | 7.6 High | ||
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-57876 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2025-63079 | 2026-06-26 | 4.3 Medium | ||
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | ||||
| CVE-2025-68064 | 2026-06-26 | 7.5 High | ||
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. | ||||
| CVE-2026-57647 | 2026-06-26 | 7.5 High | ||
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | ||||
| CVE-2026-54824 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions. | ||||
| CVE-2026-54833 | 2026-06-26 | 7.4 High | ||
| Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. | ||||
| CVE-2026-54846 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. | ||||
| CVE-2026-57659 | 2026-06-26 | 8.8 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57875 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service. | ||||
| CVE-2026-57665 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||