Search

Expected end of text, found '.' (at char 14), (line:1, col:15)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25293 1 Bluestacks 2 Bluestacks, Bluestacks App Player 2026-06-17 7.8 High
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges.
CVE-2026-24575 2 Wishlist Member, Wordpress 2 Wishlist Member X, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-39597 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-69172 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
CVE-2025-69175 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2025-69135 2026-06-17 8.5 High
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-22328 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2025-60229 2026-06-17 9.8 Critical
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
CVE-2026-27869 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-06-17 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
CVE-2025-49403 2 Aa-team, Wordpress 2 Premium Age Verification Restriction For Wordpress, Wordpress 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2025-69128 2026-06-17 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
CVE-2025-69120 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
CVE-2025-69140 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-39523 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-54808 2026-06-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.
CVE-2026-40720 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
CVE-2026-49108 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
CVE-2026-54819 2026-06-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0.