Export limit exceeded: 11952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57954 | 1 Elide | 1 Elide | 2026-06-30 | 4.3 Medium |
| Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across all rows via both JSON:API and GraphQL read paths. | ||||
| CVE-2025-6018 | 2 Redhat, Suse | 2 Enterprise Linux, Pam-config | 2026-06-30 | 7.8 High |
| A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations. | ||||
| CVE-2026-56768 | 1 Haiwen | 1 Seahub | 2026-06-30 | 8.8 High |
| Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees. | ||||
| CVE-2024-10306 | 1 Redhat | 3 Enterprise Linux, Jboss Core Services, Rhel Eus | 2026-06-29 | 5.4 Medium |
| A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic. | ||||
| CVE-2026-57340 | 2 Shoheitanaka, Wordpress | 2 Japanized For Woocommerce, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. | ||||
| CVE-2026-57327 | 2 Mainwp, Wordpress | 2 Mainwp, Wordpress | 2026-06-29 | 6.3 Medium |
| Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | ||||
| CVE-2026-57332 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-06-29 | 7.1 High |
| Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. | ||||
| CVE-2026-57334 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | ||||
| CVE-2025-2515 | 1 Eclipse | 1 Bluechi | 2026-06-29 | 7.2 High |
| A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise. | ||||
| CVE-2025-63041 | 2 Codeamp, Wordpress | 2 Forget About Shortcode Buttons, Wordpress | 2026-06-29 | 5.4 Medium |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2025-63078 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 4.3 Medium |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2025-63079 | 2 Bdthemes, Wordpress | 2 Live Copy Paste For Elementor, Wordpress | 2026-06-29 | 4.3 Medium |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | ||||
| CVE-2025-64636 | 2 Rhewlif, Wordpress | 2 Donation Thermometer, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2026-54835 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Menu, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions. | ||||
| CVE-2026-54837 | 2 Syed Balkhi, Wordpress | 2 Intranet & Private Site – All-in-one Intranet, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | ||||
| CVE-2026-54846 | 2 Akosglys, Wordpress | 2 Syncee Premium Dropshipping & Wholesale, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. | ||||
| CVE-2026-56025 | 2 Paymob, Wordpress | 2 Paymob For Woocommerce, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | ||||
| CVE-2026-56038 | 2 Frisbii, Wordpress | 2 Frisbii Pay, Wordpress | 2026-06-29 | 8.8 High |
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | ||||
| CVE-2026-56063 | 2 Bplugins, Wordpress | 2 Mailchimp Block, Wordpress | 2026-06-29 | 8.3 High |
| Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. | ||||
| CVE-2026-57323 | 2 Bplugins, Wordpress | 2 Flash & Html5 Video, Wordpress | 2026-06-29 | 5.8 Medium |
| Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. | ||||