Export limit exceeded: 361759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361759 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54802 2026-06-17 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54195 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-49778 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-45436 2026-06-17 6.5 Medium
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-42629 2026-06-17 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-42385 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-40735 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40731 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-40721 2026-06-17 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-39558 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2026-34888 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-25446 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
CVE-2026-24610 2026-06-17 4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-9690 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2025-58954 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
CVE-2026-25836 1 Fortinet 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas 2026-06-17 6.7 Medium
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-26795 1 Gl-inet 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 2026-06-17 9.8 Critical
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVE-2026-32746 1 Gnu 1 Inetutils 2026-06-17 9.8 Critical
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-31386 2 Litespeed Technologies, Litespeedtech 4 Lsws Enterprise, Openlitespeed, Litespeed Web Server and 1 more 2026-06-17 N/A
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVE-2026-26830 2 Mooz, Pdf-image Project 2 Pdf-image, Pdf-image 2026-06-17 9.8 Critical
pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()