Export limit exceeded: 352497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45209 | 2026-05-25 | 7.5 High | ||
| Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161. | ||||
| CVE-2026-45216 | 2026-05-25 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. | ||||
| CVE-2026-48852 | 1 Putty | 1 Putty | 2026-05-25 | 3.7 Low |
| PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. | ||||
| CVE-2026-24597 | 2 Wordpress, Wpdevart | 2 Wordpress, Organization Chart | 2026-05-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | ||||
| CVE-2025-62745 | 2 Pickplugins, Wordpress | 2 Team Showcase, Wordpress | 2026-05-25 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28. | ||||
| CVE-2026-9513 | 1 Totolink | 1 Ca750-poe | 2026-05-25 | 6.3 Medium |
| A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-45217 | 2026-05-25 | 6.5 Medium | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7. | ||||
| CVE-2026-45435 | 2026-05-25 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3. | ||||
| CVE-2026-45438 | 2026-05-25 | 7.5 High | ||
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0. | ||||
| CVE-2026-39436 | 2026-05-25 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3. | ||||
| CVE-2026-9512 | 1 Totolink | 1 Ca750-poe | 2026-05-25 | 6.3 Medium |
| A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-24937 | 2026-05-25 | 7.2 High | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3. | ||||
| CVE-2026-48837 | 2026-05-25 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8. | ||||
| CVE-2026-9511 | 1 Totolink | 1 Ca750-poe | 2026-05-25 | 6.3 Medium |
| A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-27357 | 2026-05-25 | 5.3 Medium | ||
| Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0. | ||||
| CVE-2026-27398 | 2026-05-25 | 5.3 Medium | ||
| Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16. | ||||
| CVE-2026-27346 | 2026-05-25 | 4.9 Medium | ||
| Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10. | ||||
| CVE-2026-24554 | 2026-05-25 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1. | ||||
| CVE-2026-24527 | 2026-05-25 | 4.3 Medium | ||
| Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0. | ||||
| CVE-2026-24586 | 2026-05-25 | 5.4 Medium | ||
| Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77. | ||||