Search
6,811 CVEs
CVEs (6,811, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2021-47933 | CRITICAL | 9.8 | 2026-05-10 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the R… | |
| CVE-2021-47935 | HIGH | 8.8 | 2026-05-10 | Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized obje… | |
| CVE-2021-47936 | CRITICAL | 9.8 | 2026-05-10 | OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised… | |
| CVE-2021-47937 | HIGH | 8.8 | 2026-05-10 | e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading… | |
| CVE-2021-47938 | HIGH | 8.8 | 2026-05-10 | ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code … | |
| CVE-2021-47939 | HIGH | 8.8 | 2026-05-10 | Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by … | |
| CVE-2021-47940 | CRITICAL | 9.8 | 2026-05-10 | WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file… | |
| CVE-2021-47941 | HIGH | 8.2 | 2026-05-10 | WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious… | |
| CVE-2021-47943 | HIGH | 8.8 | 2026-05-10 | TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files thro… | |
| CVE-2021-47944 | HIGH | 7.5 | 2026-05-10 | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields.… | |
| CVE-2021-47945 | HIGH | 7.8 | 2026-05-10 | Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the s… | |
| CVE-2021-47946 | MEDIUM | 5.3 | 2026-05-10 | OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by… | |
| CVE-2021-47947 | MEDIUM | 6.4 | 2026-05-10 | Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'n… | |
| CVE-2021-47948 | MEDIUM | 5.4 | 2026-05-10 | WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field … | |
| CVE-2021-47949 | HIGH | 8.8 | 2026-05-10 | CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks … | |
| CVE-2021-47950 | MEDIUM | 6.4 | 2026-05-10 | Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject mali… | |
| CVE-2021-47951 | MEDIUM | 6.4 | 2026-05-10 | WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Conten… | |
| CVE-2021-47953 | MEDIUM | 4.3 | 2026-05-10 | OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endp… | |
| CVE-2022-50943 | MEDIUM | Patched | 6.1 | 2026-05-10 | Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search par… |
| CVE-2022-50944 | HIGH | 8.8 | 2026-05-10 | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image … | |
| CVE-2022-50945 | MEDIUM | 6.4 | 2026-05-10 | WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by ex… | |
| CVE-2022-50946 | MEDIUM | 6.4 | 2026-05-10 | WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing … | |
| CVE-2022-50947 | MEDIUM | 6.4 | 2026-05-10 | WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by… | |
| CVE-2022-50948 | MEDIUM | 6.4 | 2026-05-10 | Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloa… | |
| CVE-2022-50949 | MEDIUM | 6.4 | 2026-05-10 | WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting un… |