Export limit exceeded: 355048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58705 | 2 Axiomthemes, Wordpress | 2 Crafti, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | ||||
| CVE-2026-42670 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||||
| CVE-2026-42684 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-42685 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-39550 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | ||||
| CVE-2026-39551 | 2 Elated-themes, Wordpress | 2 Töbel, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | ||||
| CVE-2026-8993 | 1 Ditec | 1 D.launcher 2 | 2026-06-02 | 6.5 Medium |
| D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL. | ||||
| CVE-2026-39552 | 2 Code Supply Co., Wordpress | 2 Blueprint, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | ||||
| CVE-2026-39553 | 2 Select-themes, Wordpress | 2 Waveride, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | ||||
| CVE-2026-9844 | 1 Roche Diagnostics | 1 Navify Digital Pathology | 2026-06-02 | N/A |
| Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1. | ||||
| CVE-2019-25717 | 1 Draeger | 2 Infinity Delta, Infinity Kappa | 2026-06-02 | 4.3 Medium |
| Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files. | ||||
| CVE-2025-58707 | 2 Axiomthemes, Wordpress | 2 Spin, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | ||||
| CVE-2025-58897 | 2 Axiomthemes, Wordpress | 2 Fermentio, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | ||||
| CVE-2025-69369 | 2 Axiomthemes, Wordpress | 2 Racquet, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||||
| CVE-2025-68886 | 2 Androthemes, Wordpress | 2 Cookiteer, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||||
| CVE-2019-25719 | 1 Draeger | 2 Infinity Acute Care System, Standalone Infinity M540 Patient Monitor | 2026-06-02 | 8.6 High |
| Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality. | ||||
| CVE-2026-10622 | 1 Collibra | 2 Collibra Platform (on-prem), Collibra Platform (saas) | 2026-06-02 | 8.2 High |
| Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints. | ||||
| CVE-2026-27351 | 2 Sekander Badsha, Wordpress | 2 Crew Hrm, Wordpress | 2026-06-02 | 5.4 Medium |
| Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. | ||||
| CVE-2026-47117 | 1 Maziyarpanahi | 1 Openmed | 2026-06-02 | 9.8 Critical |
| OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code=True. An unauthenticated attacker can supply a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, which is imported and executed with the privileges of the OpenMed service process. | ||||
| CVE-2026-10046 | 1 Bitdefender | 1 Napoca Bare-metal Hypervisor | 2026-06-02 | N/A |
| Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned. | ||||