7,090 CVEs · High severity
CVEs (7,090, showing first 500)
Showing 1–25 of 7,090 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-21284 | HIGH | Patched | 8.1 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that… |
| CVE-2026-21289 | HIGH | Patched | 7.5 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21290 | HIGH | Patched | 8.7 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that… |
| CVE-2026-21309 | HIGH | Patched | 7.5 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could re… |
| CVE-2026-21311 | HIGH | Patched | 8.0 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that… |
| CVE-2026-21361 | HIGH | Patched | 8.1 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability tha… |
| CVE-2026-3453 | HIGH | | 8.1 | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership vali… |
| CVE-2026-23814 | HIGH | | 8.8 | 2026-03-11 | A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting i… |
| CVE-2026-23815 | HIGH | | 7.2 | 2026-03-11 | A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful e… |
| CVE-2026-23816 | HIGH | | 7.2 | 2026-03-11 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. |
| CVE-2025-13067 | HIGH | | 8.8 | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file … |
| CVE-2026-2413 | HIGH | | 7.5 | 2026-03-11 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to in… |
| CVE-2026-20892 | HIGH | | 7.2 | 2026-03-11 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands. |
| CVE-2026-2466 | HIGH | | 7.1 | 2026-03-11 | The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting whi… |
| CVE-2026-2626 | HIGH | Patched | 8.1 | 2026-03-11 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored di… |
| CVE-2026-3222 | HIGH | | 7.5 | 2026-03-11 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to… |
| CVE-2026-31844 | HIGH | Patched | 8.8 | 2026-03-11 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation o… |
| CVE-2024-14026 | HIGH | | 7.8 | 2026-03-11 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user … |
| CVE-2026-1708 | HIGH | | 7.5 | 2026-03-11 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and includin… |
| CVE-2026-1454 | HIGH | | 7.2 | 2026-03-11 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 v… |
| CVE-2026-1992 | HIGH | | 8.8 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `st… |
| CVE-2026-1993 | HIGH | | 8.8 | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `updat… |
| CVE-2026-3231 | HIGH | | 7.2 | 2026-03-11 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field valu… |
| CVE-2026-3805 | HIGH | Patched | 7.5 | 2026-03-11 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. |
| CVE-2026-3178 | HIGH | Patched | 7.2 | 2026-03-11 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 du… |