CVE search

363,346 results
CVE-2026-13228 | HIGH | LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter | EPSS 0.3%
CVE-2026-10095 | MEDIUM | WP Photo Album Plus <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'subtext' Shortcode Attribute | EPSS 0.2%
CVE-2026-14258 | MEDIUM | Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling | EPSS 0.2%
CVE-2026-27435 | MEDIUM | WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-12754 | MEDIUM | VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter | EPSS 0.3%
CVE-2026-13454 | MEDIUM | MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter | EPSS 0.4%
CVE-2026-10538 | HIGH | Improper deserialization handling in Control-M Components | EPSS 0.2%
CVE-2026-10539 | CRITICAL | Unauthenticated command injection in Control-M/Server communication command | EPSS 0.2%
CVE-2026-12158 | HIGH | RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter | EPSS 0.2%
CVE-2026-13733 | MEDIUM | Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute | EPSS 0.2%
CVE-2026-11387 | CRITICAL | SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset | EPSS 0.4%
CVE-2026-12408 | MEDIUM | Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter | EPSS 0.3%
CVE-2026-10096 | MEDIUM | Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter | EPSS 0.2%
CVE-2026-12435 | MEDIUM | Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter | EPSS 0.2%
CVE-2026-12732 | MEDIUM | LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute | EPSS 0.2%
CVE-2026-10540 | MEDIUM | Weak password hash protection in Control-M/Entreprise Manager | EPSS 0.1%
CVE-2026-12577 | HIGH | DVP80ES3 Improperly Implemented Security Check for Standard vulnerability | EPSS 0.3%
CVE-2026-12576 | HIGH | DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability | EPSS 0.2%
CVE-2026-12575 | HIGH | DVP80ES3 Improper Resource Shutdown or Release Vulnerability | EPSS 0.3%
CVE-2026-50043 | HIGH | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If thi | EPSS 1.1%