Export limit exceeded: 366877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366877 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15094 | 2026-07-17 | 6.1 Medium | ||
| The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-15982 | 2026-07-17 | 9.8 Critical | ||
| The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts. | ||||
| CVE-2026-58549 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 4 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58550 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 4 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58552 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 5.1 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58553 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 4 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58555 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 6.6 Medium |
| Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-58554 | 1 Huawei | 2 Emui, Harmonyos | 2026-07-17 | 6.6 Medium |
| Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58557 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 4.8 Medium |
| Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-58556 | 2026-07-17 | 5.1 Medium | ||
| Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-58558 | 2026-07-17 | 7.8 High | ||
| Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-56087 | 2026-07-17 | 6.1 Medium | ||
| Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data. | ||||
| CVE-2026-56687 | 2026-07-17 | 7.8 High | ||
| Dell ThinOS 10, versions prior to 2605_10.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2026-15395 | 2 Wordpress, Wpchill | 2 Wordpress, Kali Forms — Contact Form & Drag-and-drop Builder | 2026-07-17 | 7.2 High |
| The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'digitalSignature' Field Value in all versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The required form-submission nonce is publicly available on any page containing the form shortcode, making this exploitable by fully unauthenticated attackers without any precondition beyond the form being published. | ||||
| CVE-2026-21770 | 2026-07-17 | 6.5 Medium | ||
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | ||||
| CVE-2025-45868 | 2026-07-17 | N/A | ||
| LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input. | ||||
| CVE-2026-22752 | 2026-07-17 | 9.6 Critical | ||
| Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10. | ||||
| CVE-2026-58317 | 2026-07-17 | N/A | ||
| Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally. | ||||
| CVE-2026-60060 | 2026-07-17 | N/A | ||
| Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally. | ||||
| CVE-2026-41993 | 2026-07-17 | 4.4 Medium | ||
| Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083. | ||||