Export limit exceeded: 361510 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361510 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68064 | 2026-06-26 | 7.5 High | ||
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. | ||||
| CVE-2026-57647 | 2026-06-26 | 7.5 High | ||
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | ||||
| CVE-2026-54824 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions. | ||||
| CVE-2026-54833 | 2026-06-26 | 7.4 High | ||
| Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. | ||||
| CVE-2026-54846 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. | ||||
| CVE-2026-57659 | 2026-06-26 | 8.8 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57875 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service. | ||||
| CVE-2026-57665 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57641 | 2026-06-26 | 6.5 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-56026 | 2026-06-26 | 6.4 Medium | ||
| Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions. | ||||
| CVE-2026-56039 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions. | ||||
| CVE-2026-56046 | 2026-06-26 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions. | ||||
| CVE-2026-56059 | 2026-06-26 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions. | ||||
| CVE-2026-57325 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | ||||
| CVE-2026-54090 | 1 Filebrowser | 1 Filebrowser | 2026-06-26 | N/A |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8. | ||||
| CVE-2026-57627 | 2026-06-26 | 4.9 Medium | ||
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | ||||
| CVE-2026-57633 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | ||||
| CVE-2026-57640 | 2026-06-26 | 4.3 Medium | ||
| Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | ||||
| CVE-2026-57664 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | ||||
| CVE-2026-57874 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service. | ||||