CVE search
363,138 results

CVE-2026-10823 | HIGH | YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure | EPSS 0.9%
CVE-2025-10268 | MEDIUM | Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal | EPSS 0.3%
CVE-2026-8797 | HIGH | An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbit | EPSS 0.1%
CVE-2026-8661 | MEDIUM | Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin | EPSS 0.3%
CVE-2026-13226 | MEDIUM | Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter | EPSS 0.3%
CVE-2026-48930 | MEDIUM | A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation i | EPSS 0.4%
CVE-2026-48928 | MEDIUM | A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all | EPSS 0.3%
CVE-2026-48934 | MEDIUM | A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supporte | EPSS 0.3%
CVE-2026-48936 | LOW | A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permissio | EPSS 0.2%
CVE-2026-48618 | HIGH | A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypas | EPSS 0.7%
CVE-2026-48933 | HIGH | A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerabi | EPSS 2.4%
CVE-2026-48935 | LOW | A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-rea | EPSS 0.2%
CVE-2026-48619 | MEDIUM | A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on | EPSS 0.7%
CVE-2026-48615 | MEDIUM | A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials | EPSS 0.4%
CVE-2026-50745 | MEDIUM | A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did | EPSS 0.2%
CVE-2026-50740 | MEDIUM | A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privile | EPSS 0.2%
CVE-2026-50742 | MEDIUM | A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. T | EPSS 0.2%
CVE-2026-50741 | HIGH | Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed eith | EPSS 2.7%
CVE-2026-50739 | MEDIUM | A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns | EPSS 0.3%
CVE-2026-50744 | MEDIUM | A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a sess | EPSS 0.2%