Export limit exceeded: 359552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6893 | 1 Redhat | 6 Dracut, Enterprise Linux, Hardened Images and 3 more | 2026-06-17 | 7.5 High |
| A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior. | ||||
| CVE-2026-54194 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-06-17 | 9.8 Critical |
| Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2025-69113 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions. | ||||
| CVE-2025-69114 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions. | ||||
| CVE-2025-69116 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions. | ||||
| CVE-2025-69118 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions. | ||||
| CVE-2025-69119 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. | ||||
| CVE-2025-69121 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. | ||||
| CVE-2025-69122 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions. | ||||
| CVE-2025-69124 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Especio <= 1.0 versions. | ||||
| CVE-2025-69125 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions. | ||||
| CVE-2025-69131 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69136 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. | ||||
| CVE-2025-69137 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2025-69139 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-06-17 | 8.6 High |
| Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions. | ||||
| CVE-2025-69141 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. | ||||
| CVE-2025-69142 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Abelle <= 1.22 versions. | ||||
| CVE-2025-69143 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Mission <= 1.22 versions. | ||||
| CVE-2025-69146 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dom <= 1.24 versions. | ||||
| CVE-2026-7850 | 2026-06-17 | 5.9 Medium | ||
| The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user. | ||||