Export limit exceeded: 359291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359291 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40746 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions. | ||||
| CVE-2025-69130 | 2026-06-17 | 8.8 High | ||
| Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions. | ||||
| CVE-2025-69166 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions. | ||||
| CVE-2026-40768 | 2026-06-17 | 7.3 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions. | ||||
| CVE-2026-39445 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | ||||
| CVE-2026-39590 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. | ||||
| CVE-2026-40735 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Reina <= 2.1 versions. | ||||
| CVE-2026-40757 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. | ||||
| CVE-2025-60230 | 2026-06-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | ||||
| CVE-2026-40723 | 2 Bricks, Wordpress | 2 Bricks Builder, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions. | ||||
| CVE-2026-40721 | 2026-06-17 | 7.5 High | ||
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. | ||||
| CVE-2026-54809 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | ||||
| CVE-2026-39582 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions. | ||||
| CVE-2026-39573 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions. | ||||
| CVE-2025-60223 | 2026-06-17 | 7.7 High | ||
| Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions. | ||||
| CVE-2024-47477 | 2026-06-17 | 6.5 Medium | ||
| Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning. | ||||
| CVE-2026-53874 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 9.8 Critical |
| picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources. | ||||
| CVE-2026-3490 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 10 Critical |
| picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution. | ||||
| CVE-2025-62340 | 2026-06-17 | 3.1 Low | ||
| HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity | ||||
| CVE-2025-59872 | 2026-06-17 | 4.3 Medium | ||
| HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code | ||||