Search
Search Results (359301 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59563 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. | ||||
| CVE-2025-69129 | 2026-06-17 | 10 Critical | ||
| Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69171 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. | ||||
| CVE-2026-22327 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | ||||
| CVE-2026-39589 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | ||||
| CVE-2026-22334 | 2026-06-17 | 7.5 High | ||
| Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions. | ||||
| CVE-2026-22343 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. | ||||
| CVE-2026-40747 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | ||||
| CVE-2026-27041 | 2026-06-17 | 9.9 Critical | ||
| Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | ||||
| CVE-2026-39596 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-40726 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | ||||
| CVE-2026-40749 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | ||||
| CVE-2026-40783 | 2026-06-17 | 9.9 Critical | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | ||||
| CVE-2026-48875 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | ||||
| CVE-2026-49075 | 2026-06-17 | 9.8 Critical | ||
| Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-42380 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | ||||
| CVE-2026-49058 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | ||||
| CVE-2026-49079 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | ||||
| CVE-2026-22312 | 1 Radiflow | 1 Isap Smart Collector | 2026-06-17 | 8.6 High |
| The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot). | ||||
| CVE-2026-54184 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | ||||