Export limit exceeded: 84517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58705 | 2 Axiomthemes, Wordpress | 2 Crafti, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | ||||
| CVE-2026-42670 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||||
| CVE-2026-42685 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-39550 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | ||||
| CVE-2026-39551 | 2 Elated-themes, Wordpress | 2 Töbel, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | ||||
| CVE-2026-39552 | 2 Code Supply Co., Wordpress | 2 Blueprint, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | ||||
| CVE-2026-39553 | 2 Select-themes, Wordpress | 2 Waveride, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | ||||
| CVE-2025-58707 | 2 Axiomthemes, Wordpress | 2 Spin, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | ||||
| CVE-2025-58897 | 2 Axiomthemes, Wordpress | 2 Fermentio, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | ||||
| CVE-2025-69369 | 2 Axiomthemes, Wordpress | 2 Racquet, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||||
| CVE-2025-68886 | 2 Androthemes, Wordpress | 2 Cookiteer, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||||
| CVE-2026-40619 | 1 Genetec | 1 Security Center | 2026-06-02 | 7.8 High |
| A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section. | ||||
| CVE-2026-40780 | 2 Liquid Web / Stellarwp, Wordpress | 2 Bookit, Wordpress | 2026-06-02 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1. | ||||
| CVE-2026-47314 | 2 Samsung, Samsung Open Source | 2 Escargot, Escargot | 2026-06-02 | 7.8 High |
| Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2025-13392 | 1 Synology | 1 Diskstation Manager | 2026-06-02 | 8.1 High |
| Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN). | ||||
| CVE-2025-14713 | 1 Synology | 2 C2 Identity Edge Server, Diskstation Manager | 2026-06-02 | 7.5 High |
| An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | ||||
| CVE-2025-30028 | 1 Synology | 2 Active Backup For Business, Diskstation Manager | 2026-06-02 | 8.6 High |
| A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. | ||||
| CVE-2026-10214 | 1 Zhayujie | 2 Chatgpt-on-wechat, Chatgpt-on-wechat Cowagent | 2026-06-02 | 7.3 High |
| A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is capable of addressing this issue. This patch is called 16d9b449c9aa53ccee44144a762a2737d7ba4fc4. It is recommended to upgrade the affected component. | ||||
| CVE-2026-44465 | 2 Zed, Zed-industries | 2 Zed, Zed | 2026-06-02 | 8.6 High |
| Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1. | ||||
| CVE-2026-6857 | 1 Redhat | 10 Apache Camel Quarkus, Apache Camel Spring Boot, Build Of Apache Camel For Quarkus and 7 more | 2026-06-02 | 7.5 High |
| A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability. | ||||