Export limit exceeded: 359646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10837 | 1 Password Manager | 1 Password Manager | 2026-06-17 | N/A |
| Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity. | ||||
| CVE-2026-12491 | 1 Redhat | 3 Ai Inference Server, Enterprise Linux Ai, Openshift Ai | 2026-06-17 | 4.8 Medium |
| A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data. | ||||
| CVE-2025-31013 | 2026-06-17 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6. | ||||
| CVE-2025-69123 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | ||||
| CVE-2025-69174 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Etude <= 1.6 versions. | ||||
| CVE-2026-40733 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | ||||
| CVE-2026-52707 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | ||||
| CVE-2026-54814 | 2026-06-17 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | ||||
| CVE-2026-39556 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | ||||
| CVE-2026-54802 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | ||||
| CVE-2026-54811 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2026-49071 | 2 Opmc, Wordpress | 2 Woocommerce Dropshipping, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. | ||||
| CVE-2026-42385 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | ||||
| CVE-2025-69111 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | ||||
| CVE-2026-40731 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | ||||
| CVE-2025-69126 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | ||||
| CVE-2025-69157 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. | ||||
| CVE-2026-39558 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | ||||
| CVE-2019-25293 | 1 Bluestacks | 2 Bluestacks, Bluestacks App Player | 2026-06-17 | 7.8 High |
| BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||