Search

Expected end of text, found ':' (at char 37), (line:1, col:38)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359851 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-25108 2 Soliton, Soliton Systems K.k. 2 Filezen, Filezen 2026-06-17 8.8 High
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
CVE-2026-22769 1 Dell 1 Recoverpoint For Virtual Machines 2026-06-17 10 Critical
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
CVE-2026-54811 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2026-54802 2026-06-17 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54195 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-49778 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-45436 2026-06-17 6.5 Medium
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-42629 2026-06-17 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-42385 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-40735 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40731 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-40721 2026-06-17 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-39558 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2026-34888 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-25446 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
CVE-2026-24610 2026-06-17 4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-9690 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2025-58954 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
CVE-2026-25836 1 Fortinet 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas 2026-06-17 6.7 Medium
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-26795 1 Gl-inet 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 2026-06-17 9.8 Critical
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.