Search

Expected end of text, found '.' (at char 40), (line:1, col:41)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359004 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37496 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
CVE-2026-2604 2 Gnome, Redhat 2 Evolution-data-server, Enterprise Linux 2026-06-17 5.6 Medium
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
CVE-2026-37281 1 Hitarth-gg 1 Zenshin 2026-06-17 9.8 Critical
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
CVE-2026-22325 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-22331 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2025-59563 2026-06-17 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-69129 2026-06-17 10 Critical
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69171 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-22327 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2026-39546 2026-06-17 7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-39589 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-22334 2026-06-17 7.5 High
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22343 2026-06-17 8.6 High
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-40747 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-27041 2026-06-17 9.9 Critical
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2025-59872 2026-06-17 4.3 Medium
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code
CVE-2026-39596 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40726 2026-06-17 8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40749 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40783 2026-06-17 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.