Export limit exceeded: 359603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359603 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48695 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-06-17 | 8.1 High |
| FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg(). | ||||
| CVE-2026-34005 | 1 Xiongmai | 1 Dvr/nvr Devices | 2026-06-17 | 8.8 High |
| In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used. | ||||
| CVE-2026-47964 | 1 Adobe | 1 Dng Sdk | 2026-06-17 | 7.8 High |
| DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-54194 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-06-17 | 9.8 Critical |
| Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2025-69113 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions. | ||||
| CVE-2025-69114 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions. | ||||
| CVE-2025-69116 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions. | ||||
| CVE-2025-69118 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions. | ||||
| CVE-2025-69119 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. | ||||
| CVE-2025-69121 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. | ||||
| CVE-2025-69122 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions. | ||||
| CVE-2025-69124 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Especio <= 1.0 versions. | ||||
| CVE-2025-69125 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions. | ||||
| CVE-2025-69131 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69136 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. | ||||
| CVE-2025-69137 | 2026-06-17 | 6.5 Medium | ||
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2025-69139 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-06-17 | 8.6 High |
| Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions. | ||||
| CVE-2025-69141 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. | ||||
| CVE-2025-69142 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Abelle <= 1.22 versions. | ||||
| CVE-2025-69143 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Mission <= 1.22 versions. | ||||