Search

Expected end of text, found '.' (at char 57), (line:1, col:58)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40752 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
CVE-2026-39560 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
CVE-2026-47340 1 Apache 1 Dolphinscheduler 2026-06-17 6.5 Medium
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-40738 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
CVE-2025-69158 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
CVE-2025-69189 2026-06-17 7.3 High
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.
CVE-2026-9690 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-32967 1 Apache 1 Dolphinscheduler 2026-06-17 6.5 Medium
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-32966 2026-06-17 7.5 High
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVE-2026-34888 2 Bricksforge, Wordpress 2 Bricksforge, Wordpress 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-24611 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-27410 2 Veronalabs, Wordpress 2 Slimstat Analytics, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-22339 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
CVE-2024-49269 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2026-22338 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
CVE-2025-59560 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2025-69117 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVE-2026-22329 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.