Export limit exceeded: 359539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359539 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49071 | 2 Opmc, Wordpress | 2 Woocommerce Dropshipping, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. | ||||
| CVE-2026-42385 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | ||||
| CVE-2026-40753 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions. | ||||
| CVE-2025-68524 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | ||||
| CVE-2025-69111 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | ||||
| CVE-2026-40731 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | ||||
| CVE-2025-69126 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | ||||
| CVE-2026-49081 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | ||||
| CVE-2025-69157 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. | ||||
| CVE-2026-39558 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | ||||
| CVE-2026-27400 | 2026-06-17 | 8.6 High | ||
| Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions. | ||||
| CVE-2019-25293 | 1 Bluestacks | 2 Bluestacks, Bluestacks App Player | 2026-06-17 | 7.8 High |
| BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-39597 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | ||||
| CVE-2025-69172 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | ||||
| CVE-2025-69175 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | ||||
| CVE-2025-69135 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions. | ||||
| CVE-2026-39576 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | ||||
| CVE-2026-22328 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions. | ||||
| CVE-2026-40756 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | ||||