Export limit exceeded: 335699 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0774 | 1 Watchyourlan | 1 Watchyourlan | 2026-01-26 | N/A |
| WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708. | ||||
| CVE-2026-1363 | 1 Jnc | 2 I6, Iaqs | 2026-01-26 | 9.8 Critical |
| IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end. | ||||
| CVE-2026-1364 | 1 Jnc | 2 I6, Iaqs | 2026-01-26 | 9.8 Critical |
| IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities. | ||||
| CVE-2026-24550 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15. | ||||
| CVE-2026-24555 | 2 Artplacer, Wordpress | 2 Artplacer Widget, Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1. | ||||
| CVE-2026-24558 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | ||||
| CVE-2026-24561 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1. | ||||
| CVE-2026-24572 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0. | ||||
| CVE-2026-24576 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0. | ||||
| CVE-2026-24577 | 2 Genetech Products, Wordpress | 2 Pie Register, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7. | ||||
| CVE-2026-24594 | 2 Livemesh, Wordpress | 2 Addons For Wpbakery Page Builder, Wordpress | 2026-01-26 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4. | ||||
| CVE-2026-24588 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4. | ||||
| CVE-2026-24591 | 2 Wordpress, Yasir129 | 2 Wordpress, Turn Yoast Seo Faq Block To Accordion | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6. | ||||
| CVE-2026-24593 | 2 Strategy11, Wordpress | 2 Awp Classifieds, Wordpress | 2026-01-26 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | ||||
| CVE-2026-24596 | 2 Marynixie, Wordpress | 2 Related Posts Thumbnails Plugin For Wordpress, Wordpress | 2026-01-26 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1. | ||||
| CVE-2026-24598 | 2 Bestwebsoft, Wordpress | 2 Multilanguage, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2. | ||||
| CVE-2026-24599 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-01-26 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2026-24600 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5. | ||||
| CVE-2026-24601 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5. | ||||
| CVE-2026-24604 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0. | ||||