Search

Expected end of text, found '.' (at char 17), (line:1, col:18)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (360530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12491 1 Redhat 3 Ai Inference Server, Enterprise Linux Ai, Openshift Ai 2026-06-17 4.8 Medium
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.
CVE-2025-31013 2026-06-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.
CVE-2025-69123 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
CVE-2025-69174 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
CVE-2026-40733 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
CVE-2026-52707 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
CVE-2026-39556 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
CVE-2026-49071 2 Opmc, Wordpress 2 Woocommerce Dropshipping, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2025-69111 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
CVE-2026-40731 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2025-69126 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
CVE-2025-69157 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
CVE-2026-39558 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2019-25293 1 Bluestacks 2 Bluestacks, Bluestacks App Player 2026-06-17 7.8 High
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges.
CVE-2026-24575 2 Wishlist Member, Wordpress 2 Wishlist Member X, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-39597 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-69172 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2026-27869 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-06-17 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.