Search

Search Results (365964 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14543 1 Rti 1 Connext Professional 2026-06-17 9.1 Critical
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
CVE-2026-49268 1 Apache 1 Shiro 2026-06-17 N/A
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users. This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when usingĀ DefaultLdapRealm Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.
CVE-2025-15657 2 Mojoomla, Wordpress 2 School Management, Wordpress 2026-06-17 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
CVE-2026-10850 1 Plane 1 Plane 2026-06-17 N/A
Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.
CVE-2026-22283 2026-06-17 7.5 High
Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2026-47340 1 Apache 1 Dolphinscheduler 2026-06-17 6.5 Medium
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2025-69158 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-32967 1 Apache 1 Dolphinscheduler 2026-06-17 6.5 Medium
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-22338 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
CVE-2025-69117 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVE-2026-22326 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
CVE-2026-22330 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.
CVE-2026-22332 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2025-69145 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
CVE-2025-69127 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
CVE-2025-69106 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
CVE-2024-32729 2 Quantumcloud, Wordpress 2 Conversational Forms For Chatbot, Wordpress 2026-06-17 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
CVE-2025-58953 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
CVE-2025-69166 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.