Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,504
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,501 - 2,520 of 40,198 CVEs
CVE-2026-11562 MEDIUM - 4.3

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.

Vendor: Unknown
Product: WS Form LITE
Published: Jul 01, 2026
Source: NVD
CVE-2026-10750 HIGH - 8.1

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify, o...

Vendor: Unknown
Product: Royal MCP
Published: Jul 01, 2026
Source: NVD
CVE-2025-15666 MEDIUM - 5.3

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height leads t...

Vendor: Open Asset Import Library
Product: Assimp
Published: Jul 01, 2026
Source: NVD
CVE-2026-9107 MEDIUM - 6.4

The Kali Forms โ€” Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This mak...

Published: Jul 01, 2026
Source: NVD
CVE-2026-7840 CRITICAL - 9.8

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf ca...

Published: Jul 01, 2026
Source: NVD
CVE-2026-7839 CRITICAL - 9.1

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7838 HIGH - 8.8

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field (type CARD32) is passed as reasonLen+1 to CheckBufferSize(). Because both o...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7831 HIGH - 7.6

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer _dn[2024] and calls ReadString(_dn, 2024). ReadStr...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7830 HIGH - 7.4

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be ...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7829 HIGH - 7.2

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte destination) or temp2/temp3 (16-byte destination), the code unconditionally writes...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7828 MEDIUM - 5.3

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) + strlen(line)), where line is derived from HTTP request URIs. If strlen(line) is sufficientl...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7517 HIGH - 7.2

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unaut...

Published: Jul 01, 2026
Source: NVD
CVE-2026-6070 CRITICAL - 9.1

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessi...

Published: Jul 01, 2026
Source: NVD
CVE-2026-58519 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.

Vendor: The Wikimedia Foundation
Product: Mediawiki - Cargo Extension
Published: Jul 01, 2026
Source: NVD

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

Vendor: The Wikimedia Foundation
Product: Mediawiki - RedirectManager Extension
Published: Jul 01, 2026
Source: NVD

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether the input length exceeds the output buffer with a strict greater-than comparison (>), while t...

Vendor: uvnc
Product: UltraVNC
Published: Jul 01, 2026
Source: NVD
CVE-2026-44041 MEDIUM - 6.5

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to wcslen() before any bounds check. If the caller provides a wide-character buffer that is not properly NUL-te...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-44040 MEDIUM - 6.5

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space i...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-2387 MEDIUM - 6.4

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eo_events' shortcode accepting attacker-controlled 'no_events' content and rendering it in event list templates without output e...

Published: Jul 01, 2026
Source: NVD
CVE-2026-13731 HIGH - 7.2

The WPBot โ€“ AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it pos...

Vendor: quantumcloud
Product: WPBot โ€“ AI ChatBot for Live Support, Lead Generation, AI Services
Published: Jul 01, 2026
Source: NVD