Export limit exceeded: 357375 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357375 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3326 | 2 Wordpress, Xstore | 2 Wordpress, Xstore | 2026-06-10 | 8.6 High |
| The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2026-8071 | 2 Cleantalk, Wordpress | 2 Spam Protection, Wordpress | 2026-06-10 | 8.8 High |
| The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post. | ||||
| CVE-2026-9060 | 2 Store Locator Wordpress, Wordpress | 2 Store Locator Wordpress, Wordpress | 2026-06-10 | 3.5 Low |
| The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network where the super admin visits the page). | ||||
| CVE-2026-9067 | 2 Structured-data-for-wp, Wordpress | 2 Download Schema \& Structured Data For Wp \& Amp, Wordpress | 2026-06-10 | 9.1 Critical |
| The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos. | ||||
| CVE-2026-39169 | 1 Sem-cms | 1 Semcms | 2026-06-10 | 7.5 High |
| SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. | ||||
| CVE-2026-39170 | 1 Sem-cms | 1 Semcms | 2026-06-10 | 6.3 Medium |
| SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php. | ||||
| CVE-2026-45474 | 1 Microsoft | 10 365 Apps, Office, Office 2016 and 7 more | 2026-06-10 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45466 | 1 Microsoft | 8 365 Apps, Microsoft 365 Apps For Enterprise, Office 2021 and 5 more | 2026-06-10 | 3.3 Low |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-45503 | 1 Microsoft | 7 Exchange Server 2016, Exchange Server 2019, Exchange Server Se and 4 more | 2026-06-10 | 8.1 High |
| Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-45605 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 7.8 High |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45640 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-10 | 7 High |
| Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45606 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 5.5 Medium |
| Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally. | ||||
| CVE-2026-45607 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 8.4 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45641 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-10 | 8.4 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45642 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 3.9 Low |
| Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. | ||||
| CVE-2026-47289 | 1 Microsoft | 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more | 2026-06-10 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-47648 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7 High |
| Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-47653 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-47652 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-06-10 | 8.2 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-48575 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||