Search

Expected end of text, found ':' (at char 25), (line:1, col:26)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359267 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-54193 2026-06-17 7.7 High
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
CVE-2024-37496 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
CVE-2026-2604 2 Gnome, Redhat 2 Evolution-data-server, Enterprise Linux 2026-06-17 5.6 Medium
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
CVE-2026-37281 1 Hitarth-gg 1 Zenshin 2026-06-17 9.8 Critical
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
CVE-2026-22325 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-22331 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2025-59563 2026-06-17 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-69129 2026-06-17 10 Critical
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69171 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-22327 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2026-39589 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-22334 2026-06-17 7.5 High
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22343 2026-06-17 8.6 High
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-40747 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-27041 2026-06-17 9.9 Critical
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2026-39596 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40726 2026-06-17 8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40749 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40783 2026-06-17 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2025-43300 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-06-17 10 Critical
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.