Export limit exceeded: 352606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9541 | 1 Squirrel | 1 Squirrel | 2026-05-26 | 5.3 Medium |
| A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-40412 | 1 Microsoft | 1 Azure Orbital Spatio | 2026-05-26 | 10 Critical |
| Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-23652 | 1 Microsoft | 1 Power Pages | 2026-05-26 | 10 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40411 | 1 Microsoft | 1 Azure Virtual Network Gateway | 2026-05-26 | 9.9 Critical |
| Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-47280 | 1 Microsoft | 1 Azure Resource Manager | 2026-05-26 | 10 Critical |
| Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42827 | 1 Microsoft | 1 365 Copilot | 2026-05-26 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26147 | 1 Microsoft | 1 Azure Stack Hci | 2026-05-26 | 7.7 High |
| Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-33843 | 1 Microsoft | 1 Microsoft Entra Id | 2026-05-26 | 9.1 Critical |
| Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-45659 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-05-26 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-41104 | 1 Microsoft | 1 Planetary Computer Pro | 2026-05-26 | 10 Critical |
| Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23663 | 1 Microsoft | 1 Global Secure Access | 2026-05-26 | 7.5 High |
| Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24597 | 2 Wordpress, Wpdevart | 2 Wordpress, Organization Chart | 2026-05-26 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | ||||
| CVE-2026-24574 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2026-05-26 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0. | ||||
| CVE-2025-62745 | 2 Pickplugins, Wordpress | 2 Team Showcase, Wordpress | 2026-05-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28. | ||||
| CVE-2026-24554 | 2 Convers Lab, Wordpress | 2 Wpsubscription, Wordpress | 2026-05-26 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1. | ||||
| CVE-2026-27346 | 2026-05-26 | 4.9 Medium | ||
| Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10. | ||||
| CVE-2026-27357 | 2 Cornelraiu, Wordpress | 2 Wp Search Analytics, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0. | ||||
| CVE-2026-48837 | 2 Unlimited-elements, Wordpress | 2 Unlimited Elements For Elementor, Wordpress | 2026-05-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8. | ||||
| CVE-2026-24937 | 2026-05-26 | 7.2 High | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3. | ||||
| CVE-2026-45438 | 2 Webtoffee, Wordpress | 2 Smart Coupons For Woocommerce, Wordpress | 2026-05-26 | 7.5 High |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0. | ||||