Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (84273 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-69138 2026-06-17 8.8 High
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
CVE-2025-69173 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.
CVE-2026-48967 2 Dylan Kuhn, Wordpress 2 Geo Mashup, Wordpress 2026-06-17 8.5 High
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-25439 2 Fs-code, Wordpress 2 Booknetic, Wordpress 2026-06-17 8.1 High
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-39537 2 Mikado-themes, Wordpress 2 Mikado Core, Wordpress 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
CVE-2026-1784 1 Redhat 2 Openshift, Openshift Container Platform 2026-06-17 8.8 High
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
CVE-2025-69170 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
CVE-2026-22325 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-22331 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2025-59563 2026-06-17 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-69171 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-22334 2026-06-17 7.5 High
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22343 2026-06-17 8.6 High
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-40726 2026-06-17 8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-22312 1 Radiflow 1 Isap Smart Collector 2026-06-17 8.6 High
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
CVE-2026-54184 2026-06-17 8.2 High
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
CVE-2026-52696 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
CVE-2026-54805 2026-06-17 8.8 High
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-7256 1 Zyxel 2 Wre6505, Wre6505 Firmware 2026-06-17 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
CVE-2026-48695 1 Pavel-odintsov 1 Fastnetmon 2026-06-17 8.1 High
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg().