Search
Search Results (358426 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69130 | 2026-06-17 | 8.8 High | ||
| Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions. | ||||
| CVE-2025-69127 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. | ||||
| CVE-2025-69126 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | ||||
| CVE-2025-69123 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | ||||
| CVE-2025-69120 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | ||||
| CVE-2025-69115 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions. | ||||
| CVE-2025-69111 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | ||||
| CVE-2025-69106 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. | ||||
| CVE-2025-68524 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | ||||
| CVE-2025-59554 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | ||||
| CVE-2025-15657 | 2026-06-17 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | ||||
| CVE-2026-54193 | 2026-06-17 | 7.7 High | ||
| Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2024-37496 | 2026-06-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | ||||
| CVE-2026-2604 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2026-06-17 | 5.6 Medium |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. | ||||
| CVE-2026-37281 | 1 Hitarth-gg | 1 Zenshin | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2026-22325 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | ||||
| CVE-2026-22331 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | ||||
| CVE-2025-59563 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. | ||||
| CVE-2025-69129 | 2026-06-17 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69171 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. | ||||