Search

Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-5348 2 Kodezen, Wordpress 2 Academy Lms – Wordpress Lms Plugin For Complete Elearning Solution, Wordpress 2026-07-06 5.3 Medium
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to '__return_true', allowing unauthenticated access to course curriculum data without verifying the course's post status or user enrollment. This makes it possible for unauthenticated attackers to access detailed curriculum information for private, draft, scheduled, or password-protected courses by enumerating course IDs.
CVE-2026-33592 1 Open62541 Project / O6 Automation Gmbh 1 Open62541 2026-07-06 7.5 High
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
CVE-2026-14336 1 Eclipse 1 Eclipse Pia 2026-07-06 8.2 High
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://ci.eclipse.org@evil.host (userinfo trick) or https://ci.eclipse.org.evil.host (suffix trick) that satisfies the prefix check while pointing the OIDC discovery and JWKS fetches at a server the attacker controls. An unauthenticated caller of POST /v1/upload/sbom can use this to force PIA to make outbound HTTP(S) requests to an arbitrary attacker-chosen host, and to have oidc.verify_token accept a JWT signed with the attacker's own key.
CVE-2026-9188 2 Wappointment, Wordpress 2 Appointment Bookings For Zoom Googlemeet And More – Wappointment, Wordpress 2026-07-06 5.3 Medium
The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the `appointmentkey` parameter due to the appointment `edit_key` — the sole authorization token consumed by `tryCancel()` — being generated as a predictable, unsalted MD5 hash of only `client_id` (a sequential integer), `start_at` (a publicly observable appointment timestamp), and `staff_id` (a small enumerable integer), with no secret salt or random component, and the unauthenticated cancellation and rescheduling REST endpoints performing no ownership or identity verification beyond matching this reconstructible key. This makes it possible for unauthenticated attackers to compute valid `edit_key` values for appointments belonging to other users and cancel or reschedule those appointments arbitrarily. Exploitation requires the `allow_cancellation` or `allow_rescheduling` setting to be enabled on the site, both of which are common configurations for active booking deployments; an attacker can obtain the inputs needed to reconstruct a victim's key by booking their own appointment to observe their sequential `client_id` and correlating publicly visible appointment times and enumerable staff identifiers.
CVE-2026-9834 2 Databasebackup, Wordpress 2 Wp Database Backup – Unlimited Database & Files Backup By Backup For Wp, Wordpress 2026-07-06 7.2 High
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the `wp_db_exclude_table` parameter. This is due to the direct concatenation of user-supplied `$_POST['wp_db_exclude_table']` values into the `mysqldump` shell command string in the `mysqldump()` function of `includes/admin/class-wpdb-admin.php` without wrapping them in `escapeshellarg()`—every other argument in the same command (DB_USER, DB_PASSWORD, host, filename, DB_NAME) is properly escaped, making the exclude-table values the sole exception—and because the only applied filtering, `sanitize_text_field()` via `recursive_sanitize_text_field()`, strips HTML tags but leaves shell metacharacters such as `;`, `|`, `` ` ``, and `$()` intact. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary operating system commands on the server, potentially enabling full remote code execution. The injection is stored: malicious values submitted through the plugin settings form are persisted to the WordPress options table via `update_option('wp_db_exclude_table')` and later retrieved with `get_option()` and passed unsanitized to `shell_exec()` whenever a backup operation runs.
CVE-2026-10104 2 Nikhilgadhiya, Wordpress 2 Product Video Gallery For Woocommerce, Wordpress 2026-07-06 4.4 Medium
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-54430 1 Openidc 1 Liboauth2 2026-07-06 5.8 Medium
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to alb_base_url without URL encoding or path sanitization, and the HTTP GET is issued before signature verification. This allows an attacker to force the server to send a GET request to an attacker-chosen internal path. This issue was fixed in version 2.3.0
CVE-2026-54431 1 Openidc 1 Liboauth2 2026-07-06 5.3 Medium
In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2_token_verify() function returns success for a malformed DPoP proof that embeds the private Elliptic Curve (EC) key in the header. This issue was fixed in version 2.3.0
CVE-2026-11946 1 Open62541 1 Open62541 2026-07-06 7.5 High
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
CVE-2025-69132 2 Wordpress, Zozothemes 2 Wordpress, Corpkit 2026-07-06 6.5 Medium
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
CVE-2025-69134 2 Merkulove, Wordpress 2 Openai Chatbot For Wordpress – Helper, Wordpress 2026-07-06 7.5 High
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
CVE-2025-69152 2 Themegoods, Wordpress 2 Artale | Wedding Photography Wordpress, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
CVE-2025-69153 2 Designthemes, Wordpress 2 Trendy Travel, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
CVE-2025-69154 2 Designthemes, Wordpress 2 Spalab | Beauty Salon Wordpress Theme, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
CVE-2025-69155 2 Designthemes, Wordpress 2 Fitness Zone Wordpress Theme, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
CVE-2025-69156 2 Design Themes, Wordpress 2 Kids Zone - Children Wordpress Theme, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
CVE-2026-27402 2 Designthemes, Wordpress 2 Kids Life | Children School Wordpress, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
CVE-2026-27404 2 Designthemes, Wordpress 2 Lms, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.
CVE-2026-27408 2 Imithemes, Wordpress 2 Nativechurch, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
CVE-2026-27412 2 Stylemixthemes, Wordpress 2 Pearl - Corporate Business, Wordpress 2026-07-06 8.1 High
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.