Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15641 | 1 Netskope | 1 Netskope | 2026-06-26 | N/A |
| Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138 | ||||
| CVE-2025-15642 | 1 Netskope | 1 Netskope | 2026-06-26 | N/A |
| Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138 | ||||
| CVE-2026-8089 | 2 Wedevs, Wordpress | 2 Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Ecommerce Email Optins, Wordpress | 2026-06-26 | 7.1 High |
| The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL. | ||||
| CVE-2026-8607 | 2 Saadiqbal, Wordpress | 2 Mycred – Points Management System For Gamification, Ranks, Badges, And Loyalty Program., Wordpress | 2026-06-26 | 6.4 Medium |
| The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-8494 | 2 Maciej Bis, Wordpress | 2 Permalink Manager Lite, Wordpress | 2026-06-26 | 6.4 Medium |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in the admin Permalink Manager page that will execute whenever an administrator accesses the Permalink Manager page. | ||||
| CVE-2026-10835 | 2026-06-26 | N/A | ||
| The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks. | ||||
| CVE-2026-8380 | 2026-06-26 | N/A | ||
| The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users. | ||||
| CVE-2026-9690 | 2 Joomunited, Wordpress | 2 Wp Media Folder, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | ||||
| CVE-2026-22332 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | ||||
| CVE-2026-39596 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-40721 | 2 Bdthemes, Wordpress | 2 Element Pack, Wordpress | 2026-06-26 | 7.5 High |
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. | ||||
| CVE-2026-40783 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-26 | 9.9 Critical |
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | ||||
| CVE-2026-42385 | 2 Cozmoslabs, Wordpress | 2 Profile Builder, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | ||||
| CVE-2026-42629 | 2 Powerpackelements, Wordpress | 2 Powerpack Addons For Elementor, Wordpress | 2026-06-26 | 8.8 High |
| Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | ||||
| CVE-2026-49778 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | ||||
| CVE-2026-54802 | 2 Cozyvision, Wordpress | 2 Sms Alert Order Notifications, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | ||||
| CVE-2026-54811 | 2 Tipsandtricks-hq, Wordpress | 2 Wp Emember, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2025-69140 | 2 Seventhqueen, Wordpress | 2 Sweet Date, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | ||||
| CVE-2026-46752 | 1 Apache | 1 Kvrocks | 2026-06-26 | N/A |
| Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue. | ||||
| CVE-2026-54821 | 2 Bootstrapped, Wordpress | 2 Visual Link Preview, Wordpress | 2026-06-26 | 7.4 High |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | ||||