Browse CVEs

Docker Desktop for Windows installer has permission assignment vulnerabilities allowing low-privileged attackers to gain code execution. Attackers can...

The SportsPress WordPress plugin has a Local File Inclusion vulnerability in all versions up to 2.7.26. Authenticated attackers with contributor-level...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in AKCE Software's SKSPro product. Attackers can inject malicious scripts into...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into pages using the Happy...

The Mail Mint WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.19.2, allowing unauthenticated attackers to ...

A cross-site request forgery (CSRF) vulnerability exists in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers. Attackers can trick authenticate...

An OS command injection vulnerability in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers allows authenticated attackers to execute arbitrary ...

This vulnerability allows attackers to calculate initial administrative passwords for affected ELECOM wireless routers using publicly available system...

This stored XSS vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to inject malicious scripts into customer profile fie...

The Form Maker WordPress plugin has a stored XSS vulnerability in versions up to 1.15.35. Unauthenticated attackers can inject malicious JavaScript in...

The Form Maker by 10Web WordPress plugin allows unauthenticated attackers to upload malicious SVG files containing JavaScript code due to weak file ex...

This vulnerability allows local authenticated users on Brocade Fabric OS systems to escalate their privileges to root level using specific commands. I...

The Spectra Gutenberg Blocks plugin for WordPress has an information disclosure vulnerability that allows unauthenticated attackers to read excerpts f...

This vulnerability allows attackers to execute arbitrary code by exploiting insecure DLL loading in Roland Cloud Manager. Attackers can plant maliciou...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into web pages via the Bor...

This vulnerability in Brocade Fabric OS allows authenticated administrators to abuse shell commands (source, ping6, sleep, disown, wait) to manipulate...

This vulnerability allows authenticated administrators on Brocade Fabric OS to use the 'grep' shell command for directory traversal, potentially acces...

The WP ULike WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access o...

CVE-2026-1788 is an out-of-bounds write vulnerability in Xquic Server's packet processing module that allows attackers to manipulate buffers. This aff...

An unauthenticated remote attacker can write arbitrary data to any file on Asustor ADM systems when a specific function is enabled during AD Domain jo...

This vulnerability in Brocade Fabric OS allows authenticated local attackers with Bash shell access to read insecurely stored file contents, including...

This vulnerability allows attackers to perform Man-in-the-Middle attacks on DDNS update communications by exploiting improper TLS/SSL certificate vali...

This vulnerability allows unauthenticated remote attackers to perform Man-in-the-Middle attacks by intercepting HTTPS communications due to improper S...

This CVE describes an insecure DDNS implementation in ASUSTOR ADM software where HTTP connections lack SSL/TLS certificate validation. Unauthenticated...

This vulnerability allows a Man-in-the-Middle attacker to intercept or redirect NAT tunnel establishment due to improper SSL/TLS certificate validatio...

This vulnerability in MediaWiki's API query revisions base component could allow attackers to access or manipulate revision data improperly. It affect...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's jQueryMsg JavaScript library that allows attackers to inject malicious scripts into ...

This vulnerability in Wikimedia's Scribunto extension and luasandbox library allows attackers to execute arbitrary Lua code within the context of the ...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's page preview JavaScript component. Attackers can inject malicious scripts...

This vulnerability in MediaWiki's XML API formatting component could allow attackers to execute unauthorized actions or access sensitive data. It affe...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia VisualEditor's clipboard handling component. It allows attackers to inject ...

This is a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's Vector skin that allows attackers to inject malicious scripts into web pa...

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to sensitive user contribution data. It affects administra...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's CommentFormatter/CommentParser.php that allows attackers to inject malici...

This vulnerability in MediaWiki's ImportableOldRevisionImporter.php allows attackers to potentially execute unauthorized actions during content import...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's ApiSandboxLayout.js file that allows attackers to inject malicious scripts into web ...

This vulnerability in Wikimedia Foundation's CheckUser extension allows attackers to potentially execute unauthorized actions through the Mail/UserMai...

This vulnerability in MediaWiki and its Cite extension allows attackers to inject malicious content through parser functions. It affects all MediaWiki...

This vulnerability in Brocade Fabric OS allows authenticated remote attackers with administrative credentials to execute arbitrary commands as root us...

This vulnerability allows administrator-level users on Brocade Fabric OS to execute the bind command, enabling privilege escalation and bypassing secu...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension. Attackers can inject malicious scripts in...

This vulnerability in Wikimedia Foundation DiscussionTools allows attackers to execute unauthorized actions or access restricted functionality. It aff...

This vulnerability in Wikimedia Foundation's TextExtracts extension allows attackers to execute arbitrary code or access sensitive data through improp...

This vulnerability in Wikimedia Foundation's Thanks extension allows attackers to execute unauthorized actions through the ThanksQueryHelper.php file....

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's VisualEditor component. Attackers can inject malicious scripts...

A vulnerability in Brocade SANnav migration scripts before version 3.0 allows sensitive database information to be captured in support save files. Att...

This vulnerability in Brocade Fabric OS allows local authenticated users with lower privileges to view command line passwords and access sensitive inf...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component that allows attackers to inject malicious scripts into web...