Search
Search Results (359226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40721 | 2026-06-17 | 7.5 High | ||
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. | ||||
| CVE-2026-39582 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions. | ||||
| CVE-2026-39573 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions. | ||||
| CVE-2026-39558 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | ||||
| CVE-2026-39545 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions. | ||||
| CVE-2026-34888 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. | ||||
| CVE-2026-27400 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions. | ||||
| CVE-2026-25446 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-24610 | 2026-06-17 | 4.3 Medium | ||
| Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-22340 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. | ||||
| CVE-2026-22335 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. | ||||
| CVE-2026-9690 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | ||||
| CVE-2025-69148 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | ||||
| CVE-2025-69110 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions. | ||||
| CVE-2025-60205 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions. | ||||
| CVE-2025-58954 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. | ||||
| CVE-2024-52488 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions. | ||||
| CVE-2026-20133 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-06-17 | 6.5 Medium |
| A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | ||||
| CVE-2026-25836 | 1 Fortinet | 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas | 2026-06-17 | 6.7 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2026-26795 | 1 Gl-inet | 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 | 2026-06-17 | 9.8 Critical |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | ||||