Export limit exceeded: 358957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358957 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39478 | 2026-06-16 | 8.8 High | ||
| Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions. | ||||
| CVE-2026-39519 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | ||||
| CVE-2026-50255 | 2026-06-16 | N/A | ||
| Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges. | ||||
| CVE-2026-39493 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions. | ||||
| CVE-2026-39511 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | ||||
| CVE-2026-39533 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. | ||||
| CVE-2026-39587 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | ||||
| CVE-2026-40743 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions. | ||||
| CVE-2026-40771 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions. | ||||
| CVE-2026-40779 | 2026-06-16 | 7.7 High | ||
| Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions. | ||||
| CVE-2025-24211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-16 | 9.8 Critical |
| This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2026-21962 | 1 Oracle | 3 Http Server, Http Server Oracle Weblogic Server Proxy Plug-in, Weblogic Server Proxy Plug-in | 2026-06-16 | 10 Critical |
| Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). | ||||
| CVE-2026-25089 | 1 Fortinet | 5 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 2 more | 2026-06-16 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests | ||||
| CVE-2026-42664 | 2026-06-16 | 8.2 High | ||
| Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | ||||
| CVE-2026-45439 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions. | ||||
| CVE-2026-48876 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. | ||||
| CVE-2026-10825 | 1 Moxa | 1 Nport 6000-g2 Series | 2026-06-16 | N/A |
| A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. | ||||
| CVE-2026-40215 | 1 Openvpn | 1 Openvpn | 2026-06-16 | N/A |
| A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion. | ||||
| CVE-2026-39490 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. | ||||
| CVE-2026-9669 | 1 Python | 1 Cpython | 2026-06-16 | 5.9 Medium |
| bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data. | ||||