Vulnerabilities (CVE)

Total 362780 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-54189 2026-06-17 N/A 7.1 HIGH
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54188 2026-06-17 N/A 7.1 HIGH
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54185 2026-06-17 N/A 8.5 HIGH
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
CVE-2026-52716 2026-06-17 N/A 6.5 MEDIUM
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
CVE-2026-52706 2026-06-17 N/A 9.8 CRITICAL
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
CVE-2026-52705 2026-06-17 N/A 9.0 CRITICAL
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
CVE-2026-49778 2026-06-17 N/A 7.1 HIGH
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-49107 2026-06-17 N/A 9.8 CRITICAL
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-49084 2026-06-17 N/A 9.3 CRITICAL
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
CVE-2026-49076 2026-06-17 N/A 9.3 CRITICAL
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-49074 2026-06-17 N/A 7.1 HIGH
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
CVE-2026-49072 2026-06-17 N/A 6.5 MEDIUM
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
CVE-2026-48967 2026-06-17 N/A 8.5 HIGH
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-48117 2026-06-17 N/A 6.8 MEDIUM
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed account activation. When the legitimate owner later activated the account, either by clicking the email verification link or by logging in via Google SSO, the attacker-set password became fully valid, enabling silent and persistent account takeover without any notification to the victim. The vulnerability was fixed server-side on 2025-05-20; no user action is required. Node binaries and self-hosted detection nodes are not affected. There are no workarounds; the fix was deployed server-side and no client-side mitigation is applicable.
CVE-2026-47340 1 Apache 1 Dolphinscheduler 2026-06-17 N/A 6.5 MEDIUM
Apache DolphinScheduler allows authenticated users to access alert instances associated with alert groups they do not have permission to access. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-46872 1 Oracle 1 Enterprise Manager Base Platform 2026-06-17 N/A 9.0 CRITICAL
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H).
CVE-2026-46932 1 Oracle 1 Enterprise Asset Management 2026-06-17 N/A 7.1 HIGH
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).
CVE-2026-45436 2026-06-17 N/A 6.5 MEDIUM
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-45389 2026-06-17 N/A 7.4 HIGH
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).
CVE-2026-42629 2026-06-17 N/A 8.8 HIGH
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.