CVE search
361,769 resultsCVE-2026-8095HIGHFrontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File DeletionEPSS 0.4%CVE-2026-10643HIGHOut-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)EPSS 0.1%CVE-2026-49416HIGHInteger overflow in vt(4) CONS_HISTORY ioctlEPSS 0.1%CVE-2026-49414HIGHASLR bypass for setuid executables via procctl(2)EPSS 0.1%CVE-2026-49413HIGHFlaw in Linuxulator execution of setugid binariesEPSS 0.1%CVE-2026-49412HIGHUse-after-free bug in the IPV6_MSFILTER socket option handlerEPSS 0.1%CVE-2026-45259MEDIUMsigqueue(2) missing capability mode restrictionEPSS 0.1%CVE-2026-45258HIGHMultiple vulnerabilities in the sound(4) mmap pathEPSS 0.2%CVE-2026-49417HIGHMultiple vulnerabilities in the sound(4) mmap pathEPSS 0.2%CVE-2026-12399MEDIUMGutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' ParameterEPSS 0.2%CVE-2026-3462MEDIUMFrisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token ModificationEPSS 0.3%CVE-2026-12432MEDIUMStripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' ParameterEPSS 0.3%CVE-2026-11597MEDIUMSurbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode AttributesEPSS 0.2%CVE-2026-13295MEDIUMPage Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data ParameterEPSS 0.2%CVE-2026-12471MEDIUMSpexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.2%CVE-2026-11773MEDIUMMasteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement ModificationEPSS 0.1%CVE-2026-9233MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX ActionEPSS 0.3%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2026-11783MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKUEPSS 0.2%CVE-2026-9242MEDIUMRegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN RequestEPSS 0.2%