Export limit exceeded: 361449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57875 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service. | ||||
| CVE-2026-57665 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57641 | 2026-06-26 | 6.5 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-56026 | 2026-06-26 | 6.4 Medium | ||
| Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions. | ||||
| CVE-2026-56039 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions. | ||||
| CVE-2026-56046 | 2026-06-26 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions. | ||||
| CVE-2026-56059 | 2026-06-26 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions. | ||||
| CVE-2026-57318 | 2026-06-26 | 6.5 Medium | ||
| Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. | ||||
| CVE-2026-57325 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | ||||
| CVE-2026-54090 | 1 Filebrowser | 1 Filebrowser | 2026-06-26 | N/A |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8. | ||||
| CVE-2026-57627 | 2026-06-26 | 4.9 Medium | ||
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | ||||
| CVE-2026-57633 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | ||||
| CVE-2026-57640 | 2026-06-26 | 4.3 Medium | ||
| Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | ||||
| CVE-2026-57646 | 2026-06-26 | 5.4 Medium | ||
| Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | ||||
| CVE-2026-57652 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions. | ||||
| CVE-2026-57664 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | ||||
| CVE-2026-57874 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2026-9717 | 1 Schneider-electric | 1 Powerlogic P7 | 2026-06-26 | N/A |
| CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service. | ||||
| CVE-2025-10268 | 2026-06-26 | 5.3 Medium | ||
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. | ||||
| CVE-2026-57873 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service. | ||||