Search

Expected end of text, found ':' (at char 21), (line:1, col:22)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358957 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22331 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2025-59563 2026-06-17 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-69129 2026-06-17 10 Critical
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69171 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-22327 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2026-39589 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-22334 2026-06-17 7.5 High
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22343 2026-06-17 8.6 High
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-40747 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-27041 2026-06-17 9.9 Critical
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2025-59872 2026-06-17 4.3 Medium
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code
CVE-2026-39596 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40726 2026-06-17 8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40749 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40783 2026-06-17 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2025-43300 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-06-17 10 Critical
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVE-2026-32967 1 Apache 1 Dolphinscheduler 2026-06-17 N/A
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-48875 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
CVE-2026-49075 2026-06-17 9.8 Critical
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-42380 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.