Export limit exceeded: 361510 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361510 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57318 | 2 Geminilabs, Wordpress | 2 Site Reviews, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. | ||||
| CVE-2026-57322 | 2 Wedevs, Wordpress | 2 Wemail, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions. | ||||
| CVE-2026-57629 | 2 Statcounter, Wordpress | 2 Statcounter, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. | ||||
| CVE-2026-57636 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | ||||
| CVE-2026-57642 | 2 Bestwebsoft, Wordpress | 2 Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Gallery <= 4.7.8 versions. | ||||
| CVE-2026-57648 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-06-26 | 4.3 Medium |
| Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | ||||
| CVE-2026-57650 | 2 Blockart, Wordpress | 2 Magazine Blocks, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | ||||
| CVE-2026-57658 | 2 Templatespare, Wordpress | 2 Templatespare, Wordpress | 2026-06-26 | 9.1 Critical |
| Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | ||||
| CVE-2026-57662 | 2 Wasiliy Strecker, Wordpress | 2 Contest Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | ||||
| CVE-2026-30041 | 1 Faststone | 1 Image Viewer | 2026-06-26 | 7.5 High |
| An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file. | ||||
| CVE-2026-54826 | 2 Psm Plugins, Wordpress | 2 Supportcandy, Wordpress | 2026-06-26 | 7.6 High |
| Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions. | ||||
| CVE-2026-54831 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | ||||
| CVE-2026-56041 | 2 Dfactory, Wordpress | 2 Responsive Lightbox, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions. | ||||
| CVE-2026-56058 | 2 Themecatcher, Wordpress | 2 Quform, Wordpress | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions. | ||||
| CVE-2026-56066 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-06-26 | 5.8 Medium |
| Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions. | ||||
| CVE-2026-48770 | 2026-06-26 | 5 Medium | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.cbData. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2026-48778 | 2026-06-26 | 7.8 High | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2026-57620 | 2026-06-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8. | ||||
| CVE-2025-66123 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2026-24547 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | ||||