Export limit exceeded: 357223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357223 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-20063 | 2 Md. Shamim Shahnewaz, Wordpress | 2 Single Personal Message, Wordpress | 2026-06-09 | 7.1 High |
| Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data. | ||||
| CVE-2016-20064 | 2 Myasui, Wordpress | 2 Wp Vault, Wordpress | 2026-06-09 | 6.2 Medium |
| WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials. | ||||
| CVE-2016-20065 | 2 Evwill, Wordpress | 2 Product Catalog 8, Wordpress | 2026-06-09 | 8.2 High |
| Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables. | ||||
| CVE-2017-20243 | 2 Quanticalabs, Wordpress | 2 Car Park Booking System, Wordpress | 2026-06-09 | 8.2 High |
| WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information. | ||||
| CVE-2017-20246 | 2 Missilesilo, Wordpress | 2 Kittycatfish, Wordpress | 2026-06-09 | 8.2 High |
| KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensitive database information using boolean-based blind or time-based blind techniques. | ||||
| CVE-2017-20247 | 2 Apptha, Wordpress | 2 Pica Photo Gallery, Wordpress | 2026-06-09 | 8.2 High |
| WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents. | ||||
| CVE-2017-20248 | 2 Apptha, Wordpress | 2 Apptha Slider Gallery, Wordpress | 2026-06-09 | 7.5 High |
| Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory. | ||||
| CVE-2017-20249 | 2 Apptha, Wordpress | 2 Apptha Slider Gallery, Wordpress | 2026-06-09 | 8.2 High |
| Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes. | ||||
| CVE-2017-20250 | 2 Apptha, Wordpress | 2 Mac Photo Gallery, Wordpress | 2026-06-09 | 7.5 High |
| Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory. | ||||
| CVE-2026-7486 | 1 Netcad | 1 E-imar | 2026-06-09 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2. | ||||
| CVE-2026-11786 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 1.9 Low |
| A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation. | ||||
| CVE-2026-11785 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 4.3 Medium |
| A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users. | ||||
| CVE-2026-11787 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 5 Medium |
| A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior. | ||||
| CVE-2026-11788 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 5.9 Medium |
| A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure. | ||||
| CVE-2026-11789 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 4.9 Medium |
| A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication. | ||||
| CVE-2026-11790 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 4.9 Medium |
| A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication, resulting in denial of service. | ||||
| CVE-2026-11793 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 4.9 Medium |
| A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can crash the LDAP server by storing a crafted credential with an oversized algorithm ID. FORTIFY_SOURCE mitigates this to denial of service only. | ||||
| CVE-2026-11792 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 3.3 Low |
| A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output. | ||||
| CVE-2026-8025 | 1 Mosk | 1 Cbs Platform | 2026-06-09 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-24065 | 1 Waves Audio | 1 Waves Central | 2026-06-09 | 8.1 High |
| Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process identifiers can be reused, a local attacker can exploit a race condition between the time a connection request is made and the time the helper performs validation, causing the helper to trust an attacker-controlled process. This allows the attacker to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2. | ||||