Search

Expected end of text, found ':' (at char 25), (line:1, col:26)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (360193 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34005 1 Xiongmai 1 Dvr/nvr Devices 2026-06-17 8.8 High
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
CVE-2026-47964 1 Adobe 1 Dng Sdk 2026-06-17 7.8 High
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-54194 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-06-17 9.8 Critical
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2025-69113 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
CVE-2025-69114 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
CVE-2025-69116 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
CVE-2025-69118 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
CVE-2025-69124 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
CVE-2025-69139 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-06-17 8.6 High
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
CVE-2025-69142 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.
CVE-2025-69143 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mission <= 1.22 versions.
CVE-2025-69146 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Dom <= 1.24 versions.
CVE-2025-69147 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Putter <= 1.17 versions.
CVE-2025-69150 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.
CVE-2025-69151 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2026-8089 2026-06-17 7.1 High
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
CVE-2025-69159 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
CVE-2025-69160 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
CVE-2025-69162 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
CVE-2026-8383 2026-06-17 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request