Export limit exceeded: 359642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359642 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10850 | 1 Plane | 1 Plane | 2026-06-17 | N/A |
| Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. | ||||
| CVE-2026-54812 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | ||||
| CVE-2026-22283 | 2026-06-17 | 7.5 High | ||
| Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2026-39560 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | ||||
| CVE-2026-47340 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | 6.5 Medium |
| Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. | ||||
| CVE-2025-69158 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Granola <= 1.13 versions. | ||||
| CVE-2026-9690 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | ||||
| CVE-2024-24709 | 2 Shareaholic, Wordpress | 2 Shareaholic, Wordpress | 2026-06-17 | 4.3 Medium |
| Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | ||||
| CVE-2026-32967 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | 6.5 Medium |
| Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. | ||||
| CVE-2026-34888 | 2 Bricksforge, Wordpress | 2 Bricksforge, Wordpress | 2026-06-17 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. | ||||
| CVE-2026-24611 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-06-17 | 9.1 Critical |
| Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-24610 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions. | ||||
| CVE-2026-27410 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions. | ||||
| CVE-2026-22338 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions. | ||||
| CVE-2025-69117 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. | ||||
| CVE-2026-22326 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions. | ||||
| CVE-2026-22330 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Right Way <= 4.0 versions. | ||||
| CVE-2026-22332 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | ||||
| CVE-2025-69145 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gat <= 1.16 versions. | ||||
| CVE-2026-25446 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | ||||