Export limit exceeded: 359379 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359379 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22327 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | ||||
| CVE-2026-39589 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | ||||
| CVE-2026-22334 | 2026-06-17 | 7.5 High | ||
| Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions. | ||||
| CVE-2026-22343 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. | ||||
| CVE-2026-40747 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | ||||
| CVE-2026-27041 | 2026-06-17 | 9.9 Critical | ||
| Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | ||||
| CVE-2026-39596 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-40726 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | ||||
| CVE-2026-40749 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | ||||
| CVE-2026-40783 | 2026-06-17 | 9.9 Critical | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | ||||
| CVE-2026-48875 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | ||||
| CVE-2026-49075 | 2026-06-17 | 9.8 Critical | ||
| Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-42380 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | ||||
| CVE-2026-49058 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | ||||
| CVE-2026-49079 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | ||||
| CVE-2026-22312 | 1 Radiflow | 1 Isap Smart Collector | 2026-06-17 | 8.6 High |
| The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot). | ||||
| CVE-2026-54184 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | ||||
| CVE-2026-52696 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | ||||
| CVE-2026-54807 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | ||||
| CVE-2026-26833 | 1 Mmahrous | 1 Thumbler | 2026-06-17 | 9.8 Critical |
| thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping. | ||||