Total CVEs

145,906

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,207
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 6,461 - 6,480 of 42,311 CVEs
CVE-2026-12077 HIGH - 7.5

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

Vendor: wedevs
Product: Dokan Pro
Published: Jun 25, 2026
Source: NVD
CVE-2026-10833 MEDIUM - 6.4

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output esc...

Vendor: wpdevteam
Product: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Published: Jun 25, 2026
Source: NVD
CVE-2026-8662 LOW - 3.3

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

Vendor: rapid7
Product: insightconnect_compression
Published: Jun 25, 2026
Source: NVD
CVE-2026-8658 MEDIUM - 6.0

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.

Vendor: rapid7
Product: insightconnect_tcpdump
Published: Jun 25, 2026
Source: NVD
CVE-2026-8666 HIGH - 7.7

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell com...

Vendor: rapid7
Product: insightconnect_traceroute
Published: Jun 25, 2026
Source: NVD
CVE-2026-8665 HIGH - 7.7

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

Vendor: rapid7
Product: insightconnect_translate
Published: Jun 25, 2026
Source: NVD
CVE-2026-8664 MEDIUM - 6.0

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

Vendor: rapid7
Product: insightconnect_finger
Published: Jun 25, 2026
Source: NVD
CVE-2026-8660 HIGH - 7.7

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

Vendor: rapid7
Product: insightconnect_ping
Published: Jun 25, 2026
Source: NVD
CVE-2026-8592 HIGH - 7.7

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

Vendor: rapid7
Product: insightconnect_awk
Published: Jun 25, 2026
Source: NVD
CVE-2026-9155 HIGH - 8.8

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

Vendor: gnu
Product: sed
Published: Jun 25, 2026
Source: NVD
CVE-2026-9154 HIGH - 7.1

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

Vendor: gnu
Product: sed
Published: Jun 25, 2026
Source: NVD
CVE-2026-9153 MEDIUM - 6.5

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Vendor: gnu
Product: sed
Published: Jun 25, 2026
Source: NVD
CVE-2026-57589 HIGH - 7.4

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

Vendor: OpenBSD
Product: OpenBSD
Published: Jun 25, 2026
Source: NVD
CVE-2026-9787 HIGH - 8.8

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authenti...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9786 HIGH - 8.8

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authenticati...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9785 HIGH - 8.8

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentica...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9784 HIGH - 8.8

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentica...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9783 HIGH - 8.8

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authent...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9782 HIGH - 8.8

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentica...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD
CVE-2026-9781 HIGH - 8.8

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authenticati...

Vendor: quest
Product: netvault_backup
Published: Jun 25, 2026
Source: NVD