CVE search

363,055 results
CVE-2026-11387 | CRITICAL | SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset | EPSS 0.4%
CVE-2026-12408 | MEDIUM | Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter | EPSS 0.3%
CVE-2026-10096 | MEDIUM | Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter | EPSS 0.2%
CVE-2026-12435 | MEDIUM | Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter | EPSS 0.2%
CVE-2026-12732 | MEDIUM | LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute | EPSS 0.2%
CVE-2026-10540 | MEDIUM | Weak password hash protection in Control-M/Enterprise Manager | EPSS 0.1%
CVE-2026-12577 | HIGH | DVP80ES3 Improperly Implemented Security Check for Standard vulnerability | EPSS 0.3%
CVE-2026-12576 | HIGH | DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability | EPSS 0.2%
CVE-2026-12575 | HIGH | DVP80ES3 Improper Resource Shutdown or Release Vulnerability | EPSS 0.3%
CVE-2026-50043 | HIGH | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If thi | EPSS 1.1%
CVE-2026-12224 | HIGH | Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint | EPSS 0.2%
CVE-2026-56016 | MEDIUM | CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources | EPSS 0.3%
CVE-2026-11887 | MEDIUM | Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass | EPSS 0.2%
CVE-2026-11883 | HIGH | WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass | EPSS 0.4%
CVE-2026-11880 | LOW | Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR | EPSS 0.1%
CVE-2026-11794 | HIGH | Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping | EPSS 0.2%
CVE-2026-11570 | MEDIUM | User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name | EPSS 0.1%
CVE-2026-11568 | HIGH | Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data | EPSS 0.3%
CVE-2026-11562 | MEDIUM | WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update | EPSS 0.2%
CVE-2026-10750 | HIGH | Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools | EPSS 0.3%