Search

Expected end of text, found '⚡' (at char 69), (line:1, col:70)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359552 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-52707 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
CVE-2026-40757 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2026-40733 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
CVE-2026-40720 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
CVE-2026-39590 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-39560 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
CVE-2026-39556 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
CVE-2026-39523 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-39442 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
CVE-2026-54193 2026-06-17 7.7 High
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
CVE-2026-2604 2 Gnome, Redhat 2 Evolution-data-server, Enterprise Linux 2026-06-17 5.6 Medium
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
CVE-2026-37281 1 Hitarth-gg 1 Zenshin 2026-06-17 9.8 Critical
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
CVE-2026-22325 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-22331 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2026-39596 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40783 2026-06-17 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2025-43300 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-06-17 10 Critical
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVE-2026-50263 2 Redhat, X.org 3 Enterprise Linux, X Server, Xwayland 2026-06-17 5.5 Medium
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.