Search
Search Results (359291 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39598 | 2026-06-17 | 8 High | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2. | ||||
| CVE-2026-25470 | 2026-06-17 | 10 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47. | ||||
| CVE-2026-40722 | 2026-06-17 | 5.5 Medium | ||
| Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6. | ||||
| CVE-2026-24061 | 2 Debian, Gnu | 2 Debian Linux, Inetutils | 2026-06-17 | 9.8 Critical |
| telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | ||||
| CVE-2026-22550 | 1 Elecom | 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more | 2026-06-17 | 8.8 High |
| OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | ||||
| CVE-2026-36576 | 1 Openlabs | 1 Docker-wkhtmltopdf-aas | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2026-54804 | 2026-06-17 | 7.6 High | ||
| Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | ||||
| CVE-2026-54189 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | ||||
| CVE-2026-54188 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | ||||
| CVE-2026-54185 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-52706 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | ||||
| CVE-2026-52705 | 2026-06-17 | 9 Critical | ||
| Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | ||||
| CVE-2026-49778 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | ||||
| CVE-2026-49084 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | ||||
| CVE-2026-49076 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-49074 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-49072 | 2026-06-17 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions. | ||||
| CVE-2026-22340 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. | ||||
| CVE-2026-22335 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. | ||||
| CVE-2025-69148 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | ||||