Export limit exceeded: 361690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26461 | 1 Aver | 1 Ptc320uv2 | 2026-06-17 | 6.5 Medium |
| A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request. | ||||
| CVE-2026-7411 | 1 Eclipse | 1 Basyx | 2026-06-17 | 10 Critical |
| In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise. | ||||
| CVE-2026-38361 | 1 Fohrloop | 1 Dash-uploader | 2026-06-17 | 7.5 High |
| Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler (dash_uploader/httprequesthandler.py, dash_uploader/upload.py) trusts unsanitized, attacker-controlled upload parameters (e.g. flowTotalChunks) and does not enforce the documented max_file_size limit, allowing a remote, unauthenticated attacker to cause an out-of-memory (OOM) process crash (unbounded range(1, flowTotalChunks + 1) allocation), truncation of the target file to zero bytes (flowTotalChunks=0, where the all([]) == True quirk runs the file-assembly branch on zero chunks), permanent disk exhaustion (never-cleaned-up temporary directories per flowIdentifier), and a complete bypass of the documented max_file_size limit. | ||||
| CVE-2026-54194 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-06-17 | 9.8 Critical |
| Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2025-69113 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions. | ||||
| CVE-2025-69114 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions. | ||||
| CVE-2025-69116 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions. | ||||
| CVE-2025-69118 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions. | ||||
| CVE-2025-69124 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Especio <= 1.0 versions. | ||||
| CVE-2025-69139 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-06-17 | 8.6 High |
| Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions. | ||||
| CVE-2025-69142 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Abelle <= 1.22 versions. | ||||
| CVE-2025-69143 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Mission <= 1.22 versions. | ||||
| CVE-2025-69146 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dom <= 1.24 versions. | ||||
| CVE-2025-69147 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Putter <= 1.17 versions. | ||||
| CVE-2025-69150 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Medeus <= 1.14 versions. | ||||
| CVE-2025-69151 | 2 Themegoods, Wordpress | 2 Grand Car Rental, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions. | ||||
| CVE-2026-8089 | 2026-06-17 | 7.1 High | ||
| The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL. | ||||
| CVE-2025-69159 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Printo <= 1.11 versions. | ||||
| CVE-2025-69160 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gita <= 1.11 versions. | ||||
| CVE-2025-69162 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Grecko <= 5.17 versions. | ||||