CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93224 matches found

CVE-2026-39443

CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...

8.1CVSS5.3AI score0.00395EPSS

Exploits0References1

CVE•added 5 days ago•7 views

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

8.8CVSS5.3AI score0.00482EPSS

Exploits0References1

CVE•added 5 days ago•10 views

CVE-2025-69122

CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...

9.8CVSS5.3AI score0.00525EPSS

Exploits0References1

CVE•added 5 days ago•9 views

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee

9.8CVSS5.3AI score0.00525EPSS

Exploits0References1

Cvelist•added 5 days ago•18 views

CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...

9.8CVSS0.00525EPSS

Exploits0References1

CVE•added 5 days ago•9 views

CVE-2026-54194

CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...

9.8CVSS5.3AI score0.00525EPSS

Exploits0References1

Cvelist•added 5 days ago•18 views

CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

9.8CVSS0.00525EPSS

Exploits0References1

Nuclei•added 5 days ago•750 views

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

9.8CVSS7.7AI score0.99987EPSS

Exploits64References4

Nuclei•added 5 days ago•894 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

9.9CVSS9.3AI score0.89163EPSS

Exploits29References8

Nuclei•added 5 days ago•72 views

PHP CGI v5.3.12/5.4.2 Remote Code Execution

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS8AI score0.99998EPSS

Exploits41References5

Nuclei•added 5 days ago•133 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS8.8AI score0.74427EPSS

Exploits11References7

Nuclei•added 5 days ago•51 views

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

9.8CVSS7.9AI score0.93546EPSS

Exploits27References5

Nuclei•added 5 days ago•90 views

Yii2 PHP Framework < 2.0.52 - Remote Code Execution

Yii2 PHP Framework before 2.0.52 is vulnerable to remote code execution via improper validation of the class key in JSON behaviors. An attacker can instantiate arbitrary PHP classes and achieve RCE. id: CVE-2024-58136 info: name: Yii2 PHP Framework 2.0.52 - Remote Code Execution author:...

9.8CVSS9.1AI score0.87714EPSS

Exploits1References2

Nuclei•added 5 days ago•60 views

D-Link DAR-8000-10 - Command Injection

D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection. id: CVE-2023-4542 info: name: D-Link DAR-8000-10 - Command Injection author:...

9.8CVSS6.8AI score0.86533EPSS

Exploits1References5

EUVD•added 5 days ago•9 views

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

8.8CVSS6.6AI score0.00594EPSS

Exploits0References7