Export limit exceeded: 359192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359192 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58952 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions. | ||||
| CVE-2025-60218 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions. | ||||
| CVE-2025-69138 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Genemy <= 1.6.6 versions. | ||||
| CVE-2025-69173 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions. | ||||
| CVE-2026-48967 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-06-17 | 8.5 High |
| Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | ||||
| CVE-2026-25439 | 2 Fs-code, Wordpress | 2 Booknetic, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions. | ||||
| CVE-2026-49107 | 2 Thrivethemes, Wordpress | 2 Thrive Apprentice, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | ||||
| CVE-2026-49767 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. | ||||
| CVE-2026-54186 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-06-17 | 9.3 Critical |
| Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | ||||
| CVE-2026-39537 | 2 Mikado-themes, Wordpress | 2 Mikado Core, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions. | ||||
| CVE-2026-12443 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-1784 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-06-17 | 8.8 High |
| The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration. | ||||
| CVE-2026-27868 | 1 Teldat | 1 Regesta Smart Hd-plc - Tldph16d2 | 2026-06-17 | N/A |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. | ||||
| CVE-2026-12437 | 1 Google | 1 Chrome | 2026-06-17 | 8.3 High |
| Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-27870 | 1 Teldat | 1 Regesta Smart Hd-plc - Tldph16d2 | 2026-06-17 | N/A |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. | ||||
| CVE-2025-69170 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | ||||
| CVE-2025-69164 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | ||||
| CVE-2025-69144 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | ||||
| CVE-2024-37496 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2026-2604 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2026-06-17 | 5.6 Medium |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. | ||||