Search
Search Results (358962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39576 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | ||||
| CVE-2026-39560 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | ||||
| CVE-2026-39559 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | ||||
| CVE-2026-39556 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | ||||
| CVE-2026-39523 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | ||||
| CVE-2026-39445 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | ||||
| CVE-2026-39442 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions. | ||||
| CVE-2025-69170 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | ||||
| CVE-2025-69164 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | ||||
| CVE-2025-69144 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | ||||
| CVE-2026-54193 | 2026-06-17 | 7.7 High | ||
| Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2024-37496 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2026-2604 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2026-06-17 | 5.6 Medium |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. | ||||
| CVE-2026-37281 | 1 Hitarth-gg | 1 Zenshin | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2026-22325 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | ||||
| CVE-2026-22331 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | ||||
| CVE-2025-59563 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. | ||||
| CVE-2025-69129 | 2026-06-17 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69171 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. | ||||
| CVE-2026-22327 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | ||||