363386 matches found
CVE-2026-50748
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...
CVE-2026-12167
The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...
CVE-2026-12168
An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...
CVE-2026-12166
A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...
CVE-2026-4767
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
CVE-2026-58652
luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...
CVE-2026-58653
PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
CVE-2026-5524
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...
CVE-2026-4770
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...
CVE-2026-4772
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
CVE-2026-57761
Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...
CVE-2026-57765
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
CVE-2026-57760
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...
CVE-2026-57762
Author Cross Site Scripting XSS in Simple URLs = 151 versions...
CVE-2026-57764
Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...
CVE-2026-57763
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2026-57766
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57754
Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...
CVE-2026-57757
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
CVE-2026-57759
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
CVE-2026-57753
Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...
CVE-2026-57752
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
CVE-2026-57755
Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...
CVE-2026-57758
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57730
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57746
Subscriber Broken Access Control in Booked = 3.0.0 versions...
CVE-2026-57749
Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...
CVE-2026-57747
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
CVE-2026-57751
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
CVE-2026-57731
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57748
Contributor Local File Inclusion in Shopify = 1.0.0 versions...
CVE-2026-57750
Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...
CVE-2026-57683
Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...
CVE-2026-57684
Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...
CVE-2026-57687
Contributor SQL Injection in Custom Field Template = 2.7.8 versions...
CVE-2026-57685
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2026-57686
Unauthenticated Cross Site Scripting XSS in WowAddons = 1.6.14 versions...
CVE-2026-57689
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57688
Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...
CVE-2026-57690
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
CVE-2026-57677
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...
CVE-2026-57674
Unauthenticated Cross Site Scripting XSS in Timetics = 1.0.58 versions...
CVE-2026-57678
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16...
CVE-2026-57675
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
CVE-2026-57680
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
CVE-2026-57681
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
CVE-2026-57679
Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...
CVE-2026-57682
Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...
CVE-2026-57623
Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...