CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS0.00317EPSS

CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS0.00241EPSS

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2026-49108

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS0.00304EPSS

OSV•added 2026/06/17 2:17 p.m.•5 views

DEBIAN-CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.4AI score0.00494EPSS

CVE-2026-40752

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

NVD•added 2026/06/17 2:17 p.m.•10 views

CVE-2026-40757

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS0.0025EPSS

NVD•added 2026/06/17 2:17 p.m.•6 views

CVE-2026-40733

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2026-40738

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

NVD•added 2026/06/17 2:17 p.m.•10 views

CVE-2026-40756

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS0.0025EPSS

CVE-2026-39576

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS0.00395EPSS

CVE-2026-39560

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

CVE-2026-39556

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

NVD•added 2026/06/17 2:17 p.m.•6 views

CVE-2026-39442

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

CVE-2026-39445

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS0.00395EPSS

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS0.00482EPSS

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS0.00386EPSS

CVE-2025-69111

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS0.00386EPSS

NVD•added 2026/06/17 2:17 p.m.•6 views

CVE-2025-60231

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...

9.8CVSS0.00313EPSS

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS

NVD•added 2026/06/17 2:17 p.m.•16 views

CVE-2025-60236

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

9.8CVSS0.00313EPSS