Lucene search
K

364114 matches found

NVD
NVD
added 2026/06/16 1:16 p.m.11 views

CVE-2026-12298

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS0.00306EPSS
Exploits0References18
NVD
NVD
added 2026/06/16 1:16 p.m.18 views

CVE-2026-12299

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS0.00306EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.7 views

CVE-2026-12293

Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

9.8CVSS0.00302EPSS
Exploits0References6
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12295

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

9.6CVSS0.00393EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.12 views

CVE-2026-12289

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8CVSS0.00395EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12291

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8CVSS0.00382EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12292

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

8.1CVSS0.00398EPSS
Exploits0References18
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12296

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

9.6CVSS0.00393EPSS
Exploits0References18
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12290

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.1CVSS0.00397EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.20 views

CVE-2026-12294

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

9.6CVSS0.00363EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 1:16 p.m.11 views

CVE-2026-12297

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

9.6CVSS0.00393EPSS
Exploits0References19
NVD
NVD
added 2026/06/16 12:16 p.m.11 views

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 12:16 p.m.14 views

CVE-2026-8484

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...

4.8CVSS0.0014EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 12:16 p.m.12 views

CVE-2026-40750

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 12:16 p.m.11 views

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

8.6CVSS0.00472EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 12:16 p.m.14 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.12 views

CVE-2026-8442

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

8.1CVSS0.00501EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 10:16 a.m.8 views

CVE-2026-54198

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-54197

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

6.5CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.16 views

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS0.00771EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-52714

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

5.9CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.17 views

CVE-2026-54191

Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-8176

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...

7.5CVSS0.00349EPSS
Exploits0References22
NVD
NVD
added 2026/06/16 10:16 a.m.8 views

CVE-2026-54190

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

9.3CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-52711

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

7.5CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-39490

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

7.5CVSS0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-40809

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-49772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS0.00229EPSS
Exploits1References1
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-49774

Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...

9.9CVSS0.0028EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-52712

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-39581

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

8.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.8 views

CVE-2026-39437

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS0.00267EPSS
Exploits0References6
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2025-68045

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

7.5CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 a.m.12 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 a.m.12 views

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00235EPSS
Exploits0References9
NVD
NVD
added 2026/06/16 8:16 a.m.14 views

CVE-2025-9912

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

6.3CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 a.m.17 views

CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS0.00321EPSS
Exploits9References41
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-50255

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

6.7CVSS0.00089EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS0.00228EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-5149

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the getsubmissioncontent AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it...

6.5CVSS0.00238EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 6:16 a.m.12 views

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.11 views

CVE-2026-10780

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 6:16 a.m.16 views

CVE-2026-6933

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

8.8CVSS0.00607EPSS
Exploits0References7
NVD
NVD
added 2026/06/16 6:16 a.m.12 views

CVE-2026-10635

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS0.00164EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 6:16 a.m.11 views

CVE-2025-10262

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges...

6.3CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 4:17 a.m.18 views

CVE-2026-6964

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS0.00323EPSS
Exploits0References8
Total number of security vulnerabilities364114