Export limit exceeded: 359296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60223 | 2026-06-17 | 7.7 High | ||
| Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions. | ||||
| CVE-2024-47477 | 2026-06-17 | 6.5 Medium | ||
| Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning. | ||||
| CVE-2026-53874 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 9.8 Critical |
| picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources. | ||||
| CVE-2025-62340 | 2026-06-17 | 3.1 Low | ||
| HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity | ||||
| CVE-2025-59872 | 2026-06-17 | 4.3 Medium | ||
| HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code | ||||
| CVE-2026-11975 | 1 Simplcommerce | 1 Simplcommerce | 2026-06-17 | N/A |
| Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw() | ||||
| CVE-2026-10839 | 1 Password Manager | 1 Password Manager | 2026-06-17 | N/A |
| Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity. | ||||
| CVE-2026-10837 | 1 Password Manager | 1 Password Manager | 2026-06-17 | N/A |
| Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity. | ||||
| CVE-2026-11857 | 2026-06-17 | N/A | ||
| Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local authenticated attacker can connect to the local named pipe, obtain the .NET Remoting endpoint, and send specially crafted serialized objects. Successful exploitation results in arbitrary code execution in the context of the update process with NT AUTHORITY\SYSTEM privileges. Network-only exploitation is not possible and local host access with an authenticated user session is required. | ||||
| CVE-2026-11858 | 2026-06-17 | N/A | ||
| Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation. | ||||
| CVE-2026-39559 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | ||||
| CVE-2026-54815 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | ||||
| CVE-2026-54803 | 2026-06-17 | 9.8 Critical | ||
| Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | ||||
| CVE-2026-12491 | 1 Redhat | 3 Ai Inference Server, Enterprise Linux Ai, Openshift Ai | 2026-06-17 | 4.8 Medium |
| A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data. | ||||
| CVE-2025-31013 | 2026-06-17 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6. | ||||
| CVE-2025-69123 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | ||||
| CVE-2025-69174 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Etude <= 1.6 versions. | ||||
| CVE-2026-40733 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | ||||
| CVE-2026-52707 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | ||||
| CVE-2026-54814 | 2026-06-17 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | ||||