Search Results (353514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25381 | 2 Almera Responsive Portfolio Project, Extro | 2 Almera Responsive Portfolio, Responsive Portfolio | 2026-05-26 | 7.1 High |
| Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details. | ||||
| CVE-2026-9473 | 1 C-rick | 1 Jimeng-mcp | 2026-05-26 | 6.3 Medium |
| A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-44598 | 1 Apache | 1 Shiro | 2026-05-26 | N/A |
| With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie. After successful login, Jakarta EE integration module uses shiroSavedRequest cookie to redirect to a particular web page after login. This cookie was not validated, and can be forged to send an HTTP GET request from the server itself to an arbitrary URL from the cookie. | ||||
| CVE-2026-24545 | 2 Nikki Blight, Wordpress | 2 Qr Redirector, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3. | ||||
| CVE-2026-24582 | 2 Wordpress, Wppool | 2 Wordpress, Flextable | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0. | ||||
| CVE-2026-24592 | 2 Lucian Apostol, Wordpress | 2 Auto Affiliate Links, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3. | ||||
| CVE-2026-24527 | 2 Patterns In The Cloud, Wordpress | 2 Autoship Cloud For Woocommerce Subscription Products, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0. | ||||
| CVE-2026-39436 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-05-26 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3. | ||||
| CVE-2026-45209 | 2 Edward Plainview, Wordpress | 2 Mycryptocheckout, Wordpress | 2026-05-26 | 7.5 High |
| Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161. | ||||
| CVE-2026-42763 | 2 Sepay Team, Wordpress | 2 Sepay Gateway, Wordpress | 2026-05-26 | 6.5 Medium |
| Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20. | ||||
| CVE-2026-32389 | 2 Linethemes, Wordpress | 2 Nanocare, Wordpress | 2026-05-26 | 5.4 Medium |
| Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2. | ||||
| CVE-2025-71310 | 1 Backdropcms | 1 Gdpr Cookies Module For Backdrop Cms | 2026-05-26 | N/A |
| The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration. | ||||
| CVE-2026-48850 | 1 Putty | 1 Putty | 2026-05-26 | 3.7 Low |
| PuTTY 0.72 before 0.84 has a double free in RSA KEX. | ||||
| CVE-2026-39661 | 2 Magentech, Wordpress | 2 Sw Core, Wordpress | 2026-05-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18. | ||||
| CVE-2026-39642 | 2 Spabrice, Wordpress | 2 Nyla, Wordpress | 2026-05-26 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7. | ||||
| CVE-2026-27427 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-05-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18. | ||||
| CVE-2026-24638 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121. | ||||
| CVE-2026-24590 | 2 Videowhisper.com, Wordpress | 2 Paid Videochat Turnkey Site, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23. | ||||
| CVE-2026-31391 | 1 Linux | 1 Linux Kernel | 2026-05-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads. | ||||
| CVE-2026-44410 | 1 Zte | 1 Zxunipos Nds-lte | 2026-05-26 | 3.8 Low |
| This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks. | ||||