Total CVEs

140,409

Critical Severity

3,747

High Severity

13,543

Last 7 Days

1,668
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 101 - 120 of 36,814 CVEs
CVE-2026-58052 LOW - 3.3

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA...

Vendor: 7-Zip
Product: 7-Zip
Published: Jun 28, 2026
Source: NVD
CVE-2026-58051 MEDIUM - 6.5

libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey...

Vendor: libssh2
Product: libssh2
Published: Jun 28, 2026
Source: NVD
CVE-2026-58050 HIGH - 7.0

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicio...

Vendor: libssh2
Product: libssh2
Published: Jun 28, 2026
Source: NVD
CVE-2026-58049 HIGH - 8.6

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation...

Vendor: FFmpeg
Product: FFmpeg
Published: Jun 28, 2026
Source: NVD
CVE-2026-8095 HIGH - 8.1

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler, where supplying WPFM_DIR_PA...

Published: Jun 28, 2026
Source: NVD
CVE-2026-10643 HIGH - 8.7

Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen < pktinfo_len) before writing a full control message consisting of an aligned cms...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-49416

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An ...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-49414

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user can...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-49417

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables....

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-49412

The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged l...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-45259

sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to se...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-45258

dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted ...

Vendor: FreeBSD
Product: FreeBSD
Published: Jun 27, 2026
Source: NVD
CVE-2026-9242 MEDIUM - 5.3

The RegistrationMagic โ€“ Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN `callback` handler b...

Published: Jun 27, 2026
Source: NVD
CVE-2026-9233 MEDIUM - 4.3

The Quiz and Survey Master (QSM) โ€“ Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authentic...

Published: Jun 27, 2026
Source: NVD
CVE-2026-3462 MEDIUM - 6.5

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscri...

Published: Jun 27, 2026
Source: NVD
CVE-2026-13295 MEDIUM - 6.4

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

Vendor: gpriday
Product: Page Builder by SiteOrigin
Published: Jun 27, 2026
Source: NVD
CVE-2026-12471 MEDIUM - 4.3

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set of ...

Vendor: templatescoderthemes
Product: Spexo
Published: Jun 27, 2026
Source: NVD
CVE-2026-12432 MEDIUM - 5.3

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. The handler is registered through both wp_ajax_ and wp_ajax_nopriv_ hooks and the underlying update_failed_payment_status...

Vendor: themeisle
Product: Stripe Payment Forms by WP Full Pay โ€“ Accept Credit Card Payments, Donations & Subscriptions
Published: Jun 27, 2026
Source: NVD
CVE-2026-12399 MEDIUM - 4.4

The Gutenverse โ€“ WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

Vendor: jegstudio
Product: Gutenverse โ€“ WordPress Blocks, Page Builder & Site Editor
Published: Jun 27, 2026
Source: NVD