Export limit exceeded: 359236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359236 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29205 | 2 Webpros, Wordpress | 3 Cpanel, Wp Squared, Wordpress | 2026-06-17 | 8.6 High |
| Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints. | ||||
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-06-17 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2025-69178 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | ||||
| CVE-2026-12256 | 2026-06-17 | 8.8 High | ||
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. | ||||
| CVE-2026-27395 | 2 Schiocco, Wordpress | 2 Support Board, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | ||||
| CVE-2026-27429 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | ||||
| CVE-2026-34893 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | ||||
| CVE-2026-34894 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | ||||
| CVE-2026-34895 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions. | ||||
| CVE-2026-39433 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | ||||
| CVE-2026-39438 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | ||||
| CVE-2026-39443 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions. | ||||
| CVE-2026-39446 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions. | ||||
| CVE-2026-39522 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene <= 3.4 versions. | ||||
| CVE-2026-39529 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | ||||
| CVE-2026-39539 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. | ||||
| CVE-2026-39547 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Getaway < 1.8 versions. | ||||
| CVE-2026-28576 | 1 Android | 1 Android | 2026-06-17 | N/A |
| In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-39548 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions. | ||||
| CVE-2026-39549 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions. | ||||