Search

Expected end of text, found ':' (at char 6), (line:1, col:7)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358116 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-25470 2026-06-17 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
CVE-2026-40722 2026-06-17 5.5 Medium
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.
CVE-2024-34810 2026-06-17 4.3 Medium
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.
CVE-2026-12491 1 Redhat 3 Ai Inference Server, Enterprise Linux Ai, Openshift Ai 2026-06-17 4.8 Medium
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.
CVE-2026-54811 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2026-54807 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
CVE-2026-54806 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54805 2026-06-17 8.8 High
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-54804 2026-06-17 7.6 High
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
CVE-2026-54803 2026-06-17 9.8 Critical
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54802 2026-06-17 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54196 2026-06-17 6.8 Medium
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-54195 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54192 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54189 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54188 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54187 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
CVE-2026-54186 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
CVE-2026-54185 2026-06-17 8.5 High
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
CVE-2026-54184 2026-06-17 8.2 High
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.