Search
Search Results (358793 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-38060 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | ||||
| CVE-2026-38061 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | ||||
| CVE-2026-38062 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. | ||||
| CVE-2026-38063 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. | ||||
| CVE-2026-38064 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | ||||
| CVE-2026-38065 | 2026-06-16 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. | ||||
| CVE-2026-50876 | 2026-06-16 | 5.4 Medium | ||
| A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-68872 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | ||||
| CVE-2026-27053 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | ||||
| CVE-2026-34892 | 2 Rank Math Seo, Wordpress | 2 Rank Math Seo, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions. | ||||
| CVE-2026-39435 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions. | ||||
| CVE-2026-39463 | 2 Managewp, Wordpress | 2 Managewp Worker, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions. | ||||
| CVE-2026-39474 | 2 Metaphorcreations, Wordpress | 2 Post Duplicator, Wordpress | 2026-06-16 | 8.8 High |
| Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions. | ||||
| CVE-2026-39492 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. | ||||
| CVE-2026-39507 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||
| CVE-2026-39518 | 2026-06-16 | 7.1 High | ||
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | ||||
| CVE-2026-39532 | 2026-06-16 | 8.8 High | ||
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | ||||
| CVE-2026-39584 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | ||||
| CVE-2026-40741 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-40770 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. | ||||