Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4001 | 2 Acowebs, Wordpress | 2 Woocommerce Custom Product Addons Pro, Wordpress | 2026-03-24 | 9.8 Critical |
| The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to insufficient sanitization and validation of user-submitted field values before passing them to PHP's eval() function. The sanitize_values() method strips HTML tags but does not escape single quotes or prevent PHP code injection. This makes it possible for unauthenticated attackers to execute arbitrary code on the server by submitting a crafted value to a WCPA text field configured with custom pricing formula (pricingType: "custom" with {this.value}). | ||||
| CVE-2026-4706 | | | 2026-03-24 | N/A |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4705 | | | 2026-03-24 | N/A |
| Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4676 | 1 Google | 1 Chrome | 2026-03-24 | 8.8 High |
| Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4704 | | | 2026-03-24 | N/A |
| Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4702 | | | 2026-03-24 | N/A |
| JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4701 | | | 2026-03-24 | N/A |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4700 | | | 2026-03-24 | N/A |
| Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4699 | | | 2026-03-24 | N/A |
| Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4698 | | | 2026-03-24 | N/A |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4697 | | | 2026-03-24 | N/A |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4696 | | | 2026-03-24 | N/A |
| Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4695 | | | 2026-03-24 | N/A |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-3533 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-03-24 | 8.8 High |
| The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on the import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it possible for authenticated attackers with Subscriber-level access and above to upload files with dangerous types that can lead to Remote Code Execution on servers configured to handle .phar files as executable PHP (e.g., Apache+mod_php), or Stored Cross-Site Scripting via .svg, .dfxp, or .xhtml file upload on any server configuration. | ||||
| CVE-2026-3509 | | | 2026-03-24 | 7.5 High |
| An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition. | ||||
| CVE-2026-33855 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 5.5 Medium |
| Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-33854 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 8.8 High |
| Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10. | ||||
| CVE-2026-33853 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 5.5 Medium |
| NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10. | ||||
| CVE-2026-33852 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-24 | 7.5 High |
| Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-33851 | 1 Joncampbell123 | 1 Doslib | 2026-03-24 | 7.8 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue affects doslib: before doslib-20250729. | ||||