Search

Expected end of text, found '.' (at char 13), (line:1, col:14)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (361375 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57875 1 Geovision Inc. 1 Gv-lpclpc2011 2211 2026-06-26 7.5 High
An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service.
CVE-2026-57665 2026-06-26 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57641 2026-06-26 6.5 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-56026 2026-06-26 6.4 Medium
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
CVE-2026-56066 2026-06-26 5.8 Medium
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
CVE-2026-56032 2026-06-26 9.8 Critical
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-56039 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56046 2026-06-26 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56059 2026-06-26 9.9 Critical
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
CVE-2026-57312 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
CVE-2026-57318 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-57325 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-54090 1 Filebrowser 1 Filebrowser 2026-06-26 N/A
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8.
CVE-2026-57627 2026-06-26 4.9 Medium
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
CVE-2026-57633 2026-06-26 5.3 Medium
Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.
CVE-2026-57640 2026-06-26 4.3 Medium
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
CVE-2026-57646 2026-06-26 5.4 Medium
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
CVE-2026-57652 2026-06-26 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
CVE-2026-57658 2026-06-26 9.1 Critical
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57664 2026-06-26 4.3 Medium
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.