Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8692 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-24228 1 Nvidia 2 Nemo, Nemo Framework 2026-06-17 7.8 High
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-47277 1 Runtipi 1 Runtipi 2026-06-17 6.5 Medium
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
CVE-2025-71321 1 Mmaitre314 1 Picklescan 2026-06-17 9.8 Critical
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
CVE-2026-39442 2 Presslayouts, Wordpress 2 Pressmart, Wordpress 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
CVE-2026-39560 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
CVE-2026-27410 2 Veronalabs, Wordpress 2 Slimstat Analytics, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2025-69127 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
CVE-2026-40735 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40757 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
CVE-2026-40733 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
CVE-2026-39556 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
CVE-2025-69111 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2026-54806 2 Melapress, Wordpress 2 Wp Activity Log, Wordpress 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-49107 2 Thrivethemes, Wordpress 2 Thrive Apprentice, Wordpress 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-54194 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-06-17 9.8 Critical
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2026-12256 2026-06-17 8.8 High
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-39539 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-39554 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.