Export limit exceeded: 361476 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361476 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24547 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | ||||
| CVE-2026-54827 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-52885 | 2026-06-26 | N/A | ||
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires (Time-of-Check). However, the command payload is taken from the in-memory _userCommands vector, which is populated at application startup and never re-synchronized with the on-disk file (Time-of-Use). Swapping shortcuts.xml between startup and command execution causes the HMAC check to validate a clean file while a malicious command runs. An attacker with write access to shortcuts.xml places a malicious version on disk before launch, then immediately restores the legitimate file. The HMAC check at execution time validates the restored legitimate file (check passes), while the malicious payload executes from memory. This vulnerability is fixed in 8.9.6.4. | ||||
| CVE-2026-54837 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | ||||
| CVE-2026-56010 | 2 Tychesoftwares, Wordpress | 2 Abandoned Cart Pro For Woocommerce, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | ||||
| CVE-2026-56029 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions. | ||||
| CVE-2026-56035 | 2026-06-26 | 8.6 High | ||
| Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions. | ||||
| CVE-2026-56043 | 2 Cusrev, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions. | ||||
| CVE-2026-56055 | 2 Inspirythemes, Wordpress | 2 Realhomes, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions. | ||||
| CVE-2026-56062 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | ||||
| CVE-2026-56069 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. | ||||
| CVE-2026-57315 | 2026-06-26 | 8.5 High | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. | ||||
| CVE-2026-57617 | 2 Seedprod Llc, Wordpress | 2 Seedprod Pro, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions. | ||||
| CVE-2026-57630 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | ||||
| CVE-2026-46710 | 2026-06-26 | N/A | ||
| Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6. | ||||
| CVE-2026-57643 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | ||||
| CVE-2026-57649 | 2026-06-26 | 4.3 Medium | ||
| Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | ||||
| CVE-2026-57655 | 2026-06-26 | 8.2 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-56070 | 2 Themehunk, Wordpress | 2 Advance Product Search, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | ||||
| CVE-2026-56072 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions. | ||||