Export limit exceeded: 359569 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359569 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-06-17 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2025-69178 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | ||||
| CVE-2026-12256 | 2026-06-17 | 8.8 High | ||
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. | ||||
| CVE-2026-27395 | 2 Schiocco, Wordpress | 2 Support Board, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | ||||
| CVE-2026-27429 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | ||||
| CVE-2026-34893 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | ||||
| CVE-2026-34894 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | ||||
| CVE-2026-39433 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | ||||
| CVE-2026-39522 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene <= 3.4 versions. | ||||
| CVE-2026-39539 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. | ||||
| CVE-2026-39547 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Getaway < 1.8 versions. | ||||
| CVE-2026-28576 | 1 Android | 1 Android | 2026-06-17 | N/A |
| In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-39549 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions. | ||||
| CVE-2026-39554 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions. | ||||
| CVE-2026-28587 | 1 Google | 1 Android | 2026-06-17 | N/A |
| In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-39557 | 2 Elated-themes, Wordpress | 2 Neobeat, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions. | ||||
| CVE-2026-39567 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions. | ||||
| CVE-2026-39568 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. | ||||
| CVE-2026-39577 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions. | ||||
| CVE-2026-39578 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. | ||||