Export limit exceeded: 360022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49778 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | ||||
| CVE-2026-45436 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions. | ||||
| CVE-2026-42629 | 2026-06-17 | 8.8 High | ||
| Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | ||||
| CVE-2026-42385 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | ||||
| CVE-2026-40735 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Reina <= 2.1 versions. | ||||
| CVE-2026-40731 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | ||||
| CVE-2026-40721 | 2026-06-17 | 7.5 High | ||
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. | ||||
| CVE-2026-39558 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | ||||
| CVE-2026-34888 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. | ||||
| CVE-2026-25446 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-24610 | 2026-06-17 | 4.3 Medium | ||
| Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-9690 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | ||||
| CVE-2025-58954 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. | ||||
| CVE-2026-25836 | 1 Fortinet | 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas | 2026-06-17 | 6.7 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2026-26795 | 1 Gl-inet | 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 | 2026-06-17 | 9.8 Critical |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | ||||
| CVE-2026-32746 | 1 Gnu | 1 Inetutils | 2026-06-17 | 9.8 Critical |
| telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | ||||
| CVE-2026-31386 | 2 Litespeed Technologies, Litespeedtech | 4 Lsws Enterprise, Openlitespeed, Litespeed Web Server and 1 more | 2026-06-17 | N/A |
| OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege. | ||||
| CVE-2026-26830 | 2 Mooz, Pdf-image Project | 2 Pdf-image, Pdf-image | 2026-06-17 | 9.8 Critical |
| pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec() | ||||
| CVE-2026-26831 | 1 Dbashford | 1 Textract | 2026-06-17 | 9.8 Critical |
| textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization | ||||
| CVE-2026-35616 | 1 Fortinet | 1 Forticlientems | 2026-06-17 | 9.1 Critical |
| A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | ||||