Export limit exceeded: 360231 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360231 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34005 | 1 Xiongmai | 1 Dvr/nvr Devices | 2026-06-17 | 8.8 High |
| In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used. | ||||
| CVE-2026-47964 | 1 Adobe | 1 Dng Sdk | 2026-06-17 | 7.8 High |
| DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-54194 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-06-17 | 9.8 Critical |
| Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2025-69113 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions. | ||||
| CVE-2025-69114 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions. | ||||
| CVE-2025-69116 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions. | ||||
| CVE-2025-69118 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions. | ||||
| CVE-2025-69124 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Especio <= 1.0 versions. | ||||
| CVE-2025-69139 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-06-17 | 8.6 High |
| Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions. | ||||
| CVE-2025-69142 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Abelle <= 1.22 versions. | ||||
| CVE-2025-69143 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Mission <= 1.22 versions. | ||||
| CVE-2025-69146 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dom <= 1.24 versions. | ||||
| CVE-2025-69147 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Putter <= 1.17 versions. | ||||
| CVE-2025-69150 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Medeus <= 1.14 versions. | ||||
| CVE-2025-69151 | 2 Themegoods, Wordpress | 2 Grand Car Rental, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions. | ||||
| CVE-2026-8089 | 2026-06-17 | 7.1 High | ||
| The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL. | ||||
| CVE-2025-69159 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Printo <= 1.11 versions. | ||||
| CVE-2025-69160 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gita <= 1.11 versions. | ||||
| CVE-2025-69162 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Grecko <= 5.17 versions. | ||||
| CVE-2026-8383 | 2026-06-17 | 5.3 Medium | ||
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request | ||||