Search
497 CVEs · High severity
CVEs (497)
Showing 1–25 of 497
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9851 | HIGH | 7.2 | 2026-06-06 | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capab… | |
| CVE-2026-9516 | HIGH | Patched | 7.5 | 2026-06-03 | Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BO… |
| CVE-2026-9334 | HIGH | Patched | 7.3 | 2026-06-03 | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object k… |
| CVE-2026-9290 | HIGH | 7.5 | 2026-06-06 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (pro… | |
| CVE-2026-8901 | HIGH | 7.2 | 2026-06-06 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submi… | |
| CVE-2026-8889 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). | |
| CVE-2026-8888 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() witho… | |
| CVE-2026-8881 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a si… | |
| CVE-2026-8879 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This scri… | |
| CVE-2026-8878 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information co… | |
| CVE-2026-8876 | HIGH | 7.3 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention… | |
| CVE-2026-8874 | HIGH | 7.1 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpo… | |
| CVE-2026-8829 | HIGH | Patched | 7.5 | 2026-06-04 | HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) in… |
| CVE-2026-8438 | HIGH | 7.2 | 2026-06-06 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due … | |
| CVE-2026-8293 | HIGH | Patched | 7.5 | 2026-06-02 | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing a… |
| CVE-2026-8036 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability … |
| CVE-2026-8035 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer derefere… |
| CVE-2026-7654 | HIGH | 8.8 | 2026-06-05 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use… | |
| CVE-2026-7537 | HIGH | 7.2 | 2026-06-06 | The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. T… | |
| CVE-2026-7313 | HIGH | Patched | 8.7 | 2026-06-02 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain pla… |
| CVE-2026-7201 | HIGH | Patched | 8.8 | 2026-06-02 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.86… |
| CVE-2026-7195 | HIGH | Patched | 8.8 | 2026-06-02 | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 1… |
| CVE-2026-5422 | HIGH | 8.1 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_serve… | |
| CVE-2026-5415 | HIGH | 8.8 | 2026-06-05 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all… | |
| CVE-2026-5411 | HIGH | 8.8 | 2026-06-05 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all… |