Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,522
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,441 - 1,460 of 40,154 CVEs
CVE-2026-14802 HIGH - 7.3

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The exploi...

Vendor: react
Product: create-react-app
Published: Jul 06, 2026
Source: NVD

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File Handler. Such manipulation of the argument txml_timescale leads to divide by zero. An attac...

Product: GPAC
Published: Jul 06, 2026
Source: NVD
CVE-2026-14800 MEDIUM - 4.3

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public and c...

Vendor: imhamzaazam
Product: ecommerceFlask
Published: Jul 06, 2026
Source: NVD
CVE-2026-12083 HIGH - 8.1

The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted adm...

Vendor: Unknown
Product: Admin and Site Enhancements (ASE), admin-site-enhancements-pro
Published: Jul 06, 2026
Source: NVD
CVE-2026-11962 HIGH - 8.8

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access โ€” which its premium add-on can extend to sub-administrator roles โ€” to upload arbitrary PHP files and a...

Vendor: Unknown
Product: FileOrganizer
Published: Jul 06, 2026
Source: NVD
CVE-2026-11855 HIGH - 8.8

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web scripts...

Vendor: Unknown
Product: Simple Membership
Published: Jul 06, 2026
Source: NVD
CVE-2026-11766 HIGH - 8.0

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including ...

Vendor: Unknown
Product: Ultimate Member
Published: Jul 06, 2026
Source: NVD
CVE-2026-10830 HIGH - 8.8

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary ac...

Vendor: Unknown
Product: AllCoach
Published: Jul 06, 2026
Source: NVD
CVE-2024-6228 HIGH - 7.5

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on ...

Published: Jul 06, 2026
Source: NVD
CVE-2026-14799 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument delete_wishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 06, 2026
Source: NVD
CVE-2026-14798 MEDIUM - 6.3

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is publ...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14797 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely. The...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14796 MEDIUM - 6.3

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been ma...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14795 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. The e...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14794 MEDIUM - 4.3

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is possib...

Vendor: Craft
Product: CMS
Published: Jul 06, 2026
Source: NVD
CVE-2026-14793 MEDIUM - 4.3

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to version 4...

Vendor: Craft
Product: CMS
Published: Jul 06, 2026
Source: NVD
CVE-2026-14792 MEDIUM - 6.5

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to versio...

Product: Formbricks
Published: Jul 06, 2026
Source: NVD

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attack m...

Vendor: crater-invoice-inc
Product: crater
Published: Jul 06, 2026
Source: NVD

A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be us...

Product: GPAC
Published: Jul 06, 2026
Source: NVD

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local approa...

Vendor: radareorg
Product: radare2
Published: Jul 06, 2026
Source: NVD