Export limit exceeded: 84295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84295 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7787 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-06-16 | 7.5 High |
| IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | ||||
| CVE-2025-68851 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. | ||||
| CVE-2026-34891 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions. | ||||
| CVE-2025-68045 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | ||||
| CVE-2026-39434 | 2 Webappick, Wordpress | 2 Ctx Feed, Wordpress | 2026-06-16 | 7.2 High |
| Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions. | ||||
| CVE-2026-39472 | 2 Wordpress, Wpovernight | 2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips | 2026-06-16 | 7.2 High |
| Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions. | ||||
| CVE-2026-34040 | 2 Docker, Moby | 2 Engine, Moby | 2026-06-16 | 8.8 High |
| Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. | ||||
| CVE-2026-42384 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions. | ||||
| CVE-2026-45441 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | ||||
| CVE-2026-49110 | 2 Wordpress, Wp Swings | 2 Wordpress, Upsell Order Bump Offer For Woocommerce | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. | ||||
| CVE-2026-53473 | 1 Kubev2v | 2 Migration-planner-ui-app, Migration Planner Ui | 2026-06-16 | 7.3 High |
| A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions. | ||||
| CVE-2026-39534 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. | ||||
| CVE-2026-39524 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. | ||||
| CVE-2026-40762 | 2 Wordpress, Wpgraphql | 2 Wordpress, Wpgraphql | 2026-06-16 | 7.5 High |
| Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | ||||
| CVE-2026-39480 | 2 Inisev, Wordpress | 2 Backup Migration, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions. | ||||
| CVE-2026-39503 | 2 Awesomemotive, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | ||||
| CVE-2026-39447 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions. | ||||
| CVE-2026-34900 | 2 Liquid Web / Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions. | ||||
| CVE-2026-39498 | 2026-06-16 | 7.2 High | ||
| Shop manager PHP Object Injection in YayMail <= 4.3.3 versions. | ||||
| CVE-2026-6250 | 1 Tp-link | 2 Tapo C110, Tapo C110 Firmware | 2026-06-16 | 8.1 High |
| An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption. | ||||