Export limit exceeded: 359296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27041 | 2026-06-17 | 9.9 Critical | ||
| Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | ||||
| CVE-2026-39596 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-40726 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | ||||
| CVE-2026-40749 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | ||||
| CVE-2026-40783 | 2026-06-17 | 9.9 Critical | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | ||||
| CVE-2026-48875 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | ||||
| CVE-2026-49075 | 2026-06-17 | 9.8 Critical | ||
| Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-42380 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | ||||
| CVE-2026-49058 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | ||||
| CVE-2026-49079 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | ||||
| CVE-2026-22312 | 1 Radiflow | 1 Isap Smart Collector | 2026-06-17 | 8.6 High |
| The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot). | ||||
| CVE-2026-54184 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | ||||
| CVE-2026-52696 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | ||||
| CVE-2026-54807 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | ||||
| CVE-2026-26833 | 1 Mmahrous | 1 Thumbler | 2026-06-17 | 9.8 Critical |
| thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping. | ||||
| CVE-2026-40688 | 1 Fortinet | 1 Fortiweb | 2026-06-17 | 6.7 Medium |
| An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. | ||||
| CVE-2026-28950 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-06-17 | 6.2 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device. | ||||
| CVE-2026-36841 | 1 Totolink | 1 N200re-v5 | 2026-06-17 | 9.8 Critical |
| TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | ||||
| CVE-2026-54805 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | ||||
| CVE-2024-34810 | 2026-06-17 | 4.3 Medium | ||
| Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | ||||