CVEs (18,985, showing first 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-27842 | CRITICAL | | 9.8 | 2026-03-11 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. |
| CVE-2026-2358 | MEDIUM | | 6.4 | 2026-03-11 | The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode `template` attribute in all versions up to, and inc… |
| CVE-2026-2466 | HIGH | | 7.1 | 2026-03-11 | The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting whi… |
| CVE-2026-2626 | HIGH | Patched | 8.1 | 2026-03-11 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored di… |
| CVE-2026-2631 | CRITICAL | Patched | 9.8 | 2026-03-11 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_toke… |
| CVE-2026-2707 | MEDIUM | | 6.4 | 2026-03-11 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This … |
| CVE-2026-3222 | HIGH | | 7.5 | 2026-03-11 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to… |
| CVE-2026-3884 | MEDIUM | Patched | 6.1 | 2026-03-11 | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'targ… |
| CVE-2026-3911 | LOW | | 2.7 | 2026-03-11 | A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administra… |
| CVE-2026-31844 | HIGH | Patched | 8.8 | 2026-03-11 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation o… |
| CVE-2026-3534 | MEDIUM | | 6.4 | 2026-03-11 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all vers… |
| CVE-2026-3824 | MEDIUM | Patched | 6.1 | 2026-03-11 | IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website. |
| CVE-2026-3825 | MEDIUM | Patched | 6.1 | 2026-03-11 | IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's br… |
| CVE-2026-3826 | CRITICAL | Patched | 9.8 | 2026-03-11 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
| CVE-2024-14024 | MEDIUM | Patched | 6.7 | 2026-03-11 | An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator … |
| CVE-2024-14025 | MEDIUM | Patched | 6.7 | 2026-03-11 | An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can … |
| CVE-2024-14026 | HIGH | | 7.8 | 2026-03-11 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user … |
| CVE-2026-1708 | HIGH | | 7.5 | 2026-03-11 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and includin… |
| CVE-2026-2917 | MEDIUM | | 5.4 | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thi… |
| CVE-2026-2918 | MEDIUM | | 6.4 | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_upd… |
| CVE-2026-3903 | MEDIUM | | 4.3 | 2026-03-11 | The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. … |
| CVE-2026-1454 | HIGH | | 7.2 | 2026-03-11 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 v… |
| CVE-2026-1992 | HIGH | | 8.8 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `st… |
| CVE-2026-1993 | HIGH | | 8.8 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `updat… |
| CVE-2026-3231 | HIGH | | 7.2 | 2026-03-11 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field valu… |