Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 1,557 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7565 | MEDIUM | 4.9 | 2026-06-06 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via t… | |
| CVE-2026-2500 | MEDIUM | 4.4 | 2026-06-06 | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing t… | |
| CVE-2026-9008 | MEDIUM | 4.3 | 2026-06-06 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() fun… | |
| CVE-2026-9281 | MEDIUM | 6.4 | 2026-06-06 | The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'j… | |
| CVE-2026-8900 | MEDIUM | 6.4 | 2026-06-06 | The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insuf… | |
| CVE-2026-8976 | MEDIUM | 4.3 | 2026-06-06 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions … | |
| CVE-2026-9719 | MEDIUM | 4.3 | 2026-06-06 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5… | |
| CVE-2026-6448 | MEDIUM | 4.9 | 2026-06-06 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions… | |
| CVE-2026-7047 | MEDIUM | 4.3 | 2026-06-06 | The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect no… | |
| CVE-2026-8608 | MEDIUM | 5.3 | 2026-06-06 | The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and i… | |
| CVE-2026-8893 | MEDIUM | 6.4 | 2026-06-06 | The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up t… | |
| CVE-2026-10038 | MEDIUM | 4.3 | 2026-06-06 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Author… | |
| CVE-2026-7523 | MEDIUM | 4.3 | 2026-06-05 | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that… | |
| CVE-2026-46357 | MEDIUM | 6.5 | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a … | |
| CVE-2026-46397 | MEDIUM | 6.5 | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOu… | |
| CVE-2026-25624 | MEDIUM | Patched | 5.7 | 2026-06-05 | An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firew… |
| CVE-2026-25620 | MEDIUM | 6.0 | 2026-06-05 | An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall … | |
| CVE-2026-25621 | MEDIUM | 6.0 | 2026-06-05 | A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This i… | |
| CVE-2026-25622 | MEDIUM | Patched | 6.0 | 2026-06-05 | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an … |
| CVE-2026-25623 | MEDIUM | Patched | 6.0 | 2026-06-05 | An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Aut… |
| CVE-2026-2379 | MEDIUM | 5.9 | 2026-06-05 | On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical in… | |
| CVE-2026-11341 | MEDIUM | 6.3 | 2026-06-05 | A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument … | |
| CVE-2026-7473 | MEDIUM | 5.8 | 2026-06-05 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsul… | |
| CVE-2026-48112 | MEDIUM | Patched | 6.5 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap o… |
| CVE-2026-48103 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handl… |