Search
Search Results (359062 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69106 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. | ||||
| CVE-2025-68524 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | ||||
| CVE-2025-59554 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | ||||
| CVE-2025-15657 | 2026-06-17 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | ||||
| CVE-2026-54193 | 2026-06-17 | 7.7 High | ||
| Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2024-37496 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2026-2604 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2026-06-17 | 5.6 Medium |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. | ||||
| CVE-2026-37281 | 1 Hitarth-gg | 1 Zenshin | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2026-22325 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | ||||
| CVE-2026-22331 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | ||||
| CVE-2025-59563 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. | ||||
| CVE-2025-69129 | 2026-06-17 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69171 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. | ||||
| CVE-2026-22327 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | ||||
| CVE-2026-39546 | 2026-06-17 | 7.6 High | ||
| Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. | ||||
| CVE-2026-39589 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | ||||
| CVE-2026-22334 | 2026-06-17 | 7.5 High | ||
| Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions. | ||||
| CVE-2026-22343 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. | ||||
| CVE-2026-40747 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | ||||
| CVE-2026-27041 | 2026-06-17 | 9.9 Critical | ||
| Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | ||||