Búsqueda de CVEs
363.619 resultadosCVE-2026-12471MEDIUMSpexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.2%CVE-2026-11773MEDIUMMasteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement ModificationEPSS 0.1%CVE-2026-9233MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX ActionEPSS 0.3%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2026-11783MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKUEPSS 0.2%CVE-2026-9242MEDIUMRegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN RequestEPSS 0.2%CVE-2026-11987MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' ParameterEPSS 0.3%CVE-2026-9677MEDIUMShariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-10820HIGHProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOREPSS 0.2%CVE-2026-12404MEDIUMNEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport ClassEPSS 0.3%CVE-2026-13245MEDIUMMaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' ParameterEPSS 0.2%CVE-2026-12415CRITICALInvoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' ParameterEPSS 0.7%CVE-2025-59868MEDIUMHCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposureEPSS 0.1%CVE-2026-13422MEDIUMHD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX HandlersEPSS 0.2%CVE-2026-11356MEDIUMIvory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' SettingsEPSS 0.3%CVE-2026-13333MEDIUMGroundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' ParameterEPSS 0.3%CVE-2026-13335MEDIUMCodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post MetaEPSS 0.2%CVE-2026-13331MEDIUMGroundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' ParameterEPSS 0.3%CVE-2023-37524HIGHHCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of serviceEPSS 0.1%CVE-2026-56414HIGHH.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous TypeEPSS 0.4%