Export limit exceeded: 335681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0927 | 2 Iqonicdesign, Wordpress | 2 Kivicare – Clinic & Patient Management System (ehr), Wordpress | 2026-01-26 | 5.3 Medium |
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files. | ||||
| CVE-2026-0914 | 2 Legalweb, Wordpress | 2 Wp Dsgvo Tools, Wordpress | 2026-01-26 | 6.4 Medium |
| The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-24560 | 2 Cloudinary, Wordpress | 2 Cloudinary, Wordpress | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.0. | ||||
| CVE-2026-24562 | 2 Ryviu, Wordpress | 2 Product Reviews For Woocommerce, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26. | ||||
| CVE-2026-24585 | 3 Hyyan Abo Fakher, Woocommerce, Wordpress | 3 Hyyan Woocommerce Polylang Integration, Woocommerce, Wordpress | 2026-01-26 | 6.5 Medium |
| Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0. | ||||
| CVE-2026-24587 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305. | ||||
| CVE-2026-24589 | 2 Cargus Ecommerce, Wordpress | 2 Cargus, Wordpress | 2026-01-26 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8. | ||||
| CVE-2026-24595 | 2 Wordpress, Zohocorp | 2 Wordpress, Zoho Crm Lead Magnet | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5. | ||||
| CVE-2026-24603 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8. | ||||
| CVE-2020-36934 | 1 Microsoft | 1 Windows | 2026-01-26 | 7.8 High |
| Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2020-36931 | 1 Click2magic | 1 Click2magic | 2026-01-26 | 6.4 Medium |
| Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests. | ||||
| CVE-2022-25369 | 1 Dynamicweb | 1 Dynamicweb | 2026-01-26 | 9.8 Critical |
| An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later). | ||||
| CVE-2021-47903 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2026-01-26 | 8.8 High |
| LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection. | ||||
| CVE-2020-36933 | 1 Htc | 1 Iptinstaller | 2026-01-26 | 7.8 High |
| HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges. | ||||
| CVE-2020-36935 | 1 Kmspico | 1 Service Kmseldi | 2026-01-26 | 7.8 High |
| KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47889 | 1 Softros Systems | 1 Lan Messenger | 2026-01-26 | 7.8 High |
| Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47891 | 1 Unified Intents | 1 Unified Remote | 2026-01-26 | 9.8 Critical |
| Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads. | ||||
| CVE-2021-47892 | 1 Peel | 1 Peel Shopping | 2026-01-26 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. | ||||
| CVE-2021-47893 | 1 Agatasoft | 1 Pingmaster Pro | 2026-01-26 | 7.5 High |
| AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability. | ||||
| CVE-2021-47894 | 1 Northwest Performance Software | 1 Managed Switch Port Mapping Tool | 2026-01-26 | 7.5 High |
| Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash. | ||||