Search

Expected end of text, found '.' (at char 38), (line:1, col:39)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39589 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-22334 2026-06-17 7.5 High
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22343 2026-06-17 8.6 High
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-40747 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-27041 2026-06-17 9.9 Critical
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2026-39596 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40726 2026-06-17 8.2 High
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40749 2026-06-17 9.9 Critical
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40783 2026-06-17 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-48875 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
CVE-2026-49075 2026-06-17 9.8 Critical
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-42380 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
CVE-2026-49058 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
CVE-2026-49079 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
CVE-2026-22312 1 Radiflow 1 Isap Smart Collector 2026-06-17 8.6 High
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
CVE-2026-54184 2026-06-17 8.2 High
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
CVE-2026-52696 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
CVE-2026-54807 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
CVE-2026-26833 1 Mmahrous 1 Thumbler 2026-06-17 9.8 Critical
thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.
CVE-2026-40688 1 Fortinet 1 Fortiweb 2026-06-17 6.7 Medium
An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.