Search

Expected end of text, found '.' (at char 19), (line:1, col:20)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (361476 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57877 1 Geovision Inc. 1 Gv-lpclpc2011 2211 2026-06-26 8.6 High
An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.
CVE-2026-56033 2026-06-26 9.8 Critical
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
CVE-2026-57430 2026-06-26 4.3 Medium
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
CVE-2026-57628 2026-06-26 7.6 High
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
CVE-2026-57876 1 Geovision Inc. 1 Gv-lpclpc2011 2211 2026-06-26 7.5 High
An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.
CVE-2025-63079 2026-06-26 4.3 Medium
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
CVE-2025-68064 2026-06-26 7.5 High
Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.
CVE-2026-57647 2026-06-26 7.5 High
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
CVE-2026-54824 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
CVE-2026-57653 2026-06-26 8.5 High
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-54833 2026-06-26 7.4 High
Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.
CVE-2026-54846 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Syncee Premium Dropshipping &amp; Wholesale <= 1.0.27 versions.
CVE-2026-57659 2026-06-26 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
CVE-2026-57875 1 Geovision Inc. 1 Gv-lpclpc2011 2211 2026-06-26 7.5 High
An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service.
CVE-2026-57665 2026-06-26 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57641 2026-06-26 6.5 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-56026 2026-06-26 6.4 Medium
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
CVE-2026-56039 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56046 2026-06-26 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56059 2026-06-26 9.9 Critical
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.