Search

Expected end of text, found '.' (at char 20), (line:1, col:21)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358875 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34005 1 Xiongmai 1 Dvr/nvr Devices 2026-06-17 8.8 High
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
CVE-2024-31435 2026-06-17 4.3 Medium
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6.
CVE-2026-47964 1 Adobe 1 Dng Sdk 2026-06-17 7.8 High
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-41280 2026-06-17 4.9 Medium
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.
CVE-2026-54194 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-06-17 9.8 Critical
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2025-69113 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
CVE-2025-69114 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
CVE-2025-69116 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
CVE-2025-69118 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
CVE-2025-69119 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69121 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69122 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-69124 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
CVE-2025-69125 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69131 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69136 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
CVE-2025-69137 2026-06-17 6.5 Medium
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2025-69139 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-06-17 8.6 High
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
CVE-2025-69141 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69142 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.