Search

Expected end of text, found '.' (at char 17), (line:1, col:18)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359004 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69168 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
CVE-2025-69176 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
CVE-2025-69177 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2026-28819 1 Apple 4 Ios And Ipados, Ipados, Iphone Os and 1 more 2026-06-17 5.4 Medium
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2026-45185 1 Exim 1 Exim 2026-06-17 9.8 Critical
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
CVE-2026-29205 2 Webpros, Wordpress 3 Cpanel, Wp Squared, Wordpress 2026-06-17 8.6 High
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
CVE-2026-36828 1 Panabit 1 Pap-xm320 2026-06-17 8.8 High
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.
CVE-2025-69178 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
CVE-2026-12256 2026-06-17 8.8 High
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-27395 2 Schiocco, Wordpress 2 Support Board, Wordpress 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
CVE-2026-27429 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-34893 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34894 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2025-48571 1 Google 1 Android 2026-06-17 4.3 Medium
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2026-34895 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2026-39433 2026-06-17 6.5 Medium
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-39438 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
CVE-2026-39443 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-39446 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-39522 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.