Export limit exceeded: 359330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25293 | 1 Bluestacks | 2 Bluestacks, Bluestacks App Player | 2026-06-17 | 7.8 High |
| BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-39597 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | ||||
| CVE-2025-69172 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | ||||
| CVE-2025-69175 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | ||||
| CVE-2025-69135 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions. | ||||
| CVE-2026-39576 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | ||||
| CVE-2026-22328 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions. | ||||
| CVE-2026-40756 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | ||||
| CVE-2025-60229 | 2026-06-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | ||||
| CVE-2026-27869 | 1 Teldat | 1 Regesta Smart Hd-plc - Tldph16d2 | 2026-06-17 | N/A |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. | ||||
| CVE-2025-49403 | 2 Aa-team, Wordpress | 2 Premium Age Verification Restriction For Wordpress, Wordpress | 2026-06-17 | 7.5 High |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. | ||||
| CVE-2025-69128 | 2026-06-17 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. | ||||
| CVE-2025-69120 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | ||||
| CVE-2025-69140 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | ||||
| CVE-2026-39523 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | ||||
| CVE-2026-54808 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | ||||
| CVE-2026-40720 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. | ||||
| CVE-2026-49108 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | ||||
| CVE-2026-54819 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | ||||