Export limit exceeded: 353540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 353540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (353540 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40837 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40838 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40839 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40841 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40842 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40847 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 6.5 Medium |
| An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40850 | 2 Helmholz, Mb Connect Line | 5 Myrex24v2, Myrex24v2.virtual, Myrex24v2virtual and 2 more | 2026-05-27 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40851 | 2 Helmholz, Mb Connect Line | 5 Rex100, Rex200 250, Mbnet and 2 more | 2026-05-27 | 8.4 High |
| A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | ||||
| CVE-2026-42754 | 2026-05-27 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through <= 1.3.46. | ||||
| CVE-2026-42760 | 2 Revmakx, Wordpress | 2 Backup And Staging By Wp Time Capsule, Wordpress | 2026-05-27 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25. | ||||
| CVE-2026-42761 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-05-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.9. | ||||
| CVE-2026-42734 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through <= 1.13.19. | ||||
| CVE-2026-42725 | 2 Wordpress, Wpwham | 2 Wordpress, Checkout Files Upload For Woocommerce | 2026-05-27 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through <= 2.2.5. | ||||
| CVE-2026-42737 | 2026-05-27 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9. | ||||
| CVE-2026-42729 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2026-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through <= 2.2.2. | ||||
| CVE-2026-42727 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-05-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.8. | ||||
| CVE-2026-8042 | 2 Octalmage, Wordpress | 2 Github Shortcode, Wordpress | 2026-05-27 | 6.4 Medium |
| The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-42731 | 2026-05-27 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9. | ||||
| CVE-2026-42726 | 2026-05-27 | 6.5 Medium | ||
| Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through <= 4.4.5. | ||||
| CVE-2026-42732 | 2026-05-27 | 6.5 Medium | ||
| Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through <= 3.0.2. | ||||