Export limit exceeded: 358260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61260 | 1 Openai | 1 Codex | 2026-06-16 | 9.8 Critical |
| A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. | ||||
| CVE-2025-63706 | 1 Afeiship | 1 Next-npm-version | 2026-06-16 | 9.8 Critical |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. | ||||
| CVE-2025-12686 | 1 Synology | 2 Beestation Manager, Beestation Os | 2026-06-16 | 9.8 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2025-41270 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-16 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2025-41275 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-16 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2026-40781 | 2 Reviewx, Wordpress | 2 Reviewx, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. | ||||
| CVE-2026-40782 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||||
| CVE-2026-40787 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. | ||||
| CVE-2026-40788 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-06-16 | 7.1 High |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | ||||
| CVE-2026-40791 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. | ||||
| CVE-2026-40794 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. | ||||
| CVE-2026-40798 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. | ||||
| CVE-2026-41556 | 2 Properfraction, Wordpress | 2 Profilepress, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions. | ||||
| CVE-2026-42386 | 2 Tychesoftwares, Wordpress | 2 Order Delivery Date For Woocommerce, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. | ||||
| CVE-2026-42639 | 2 Dev4press, Wordpress | 2 Gd Rating System, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. | ||||
| CVE-2026-42658 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. | ||||
| CVE-2025-24252 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-16 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory. | ||||
| CVE-2026-42663 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 6.5 Medium |
| Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions. | ||||
| CVE-2026-42667 | 2 Bookly, Wordpress | 2 Bookly, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. | ||||
| CVE-2026-42688 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. | ||||