457462 matches found

NVD
added 2026/06/17 2:17 p.m., 8 views

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

CVSS 8.8, EPSS 0.00482
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 9 views

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

CVSS 9.8, EPSS 0.00386
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 9 views

CVE-2025-69111

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

CVSS 9.8, EPSS 0.00386
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 6 views

CVE-2025-60231

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...

CVSS 9.8, EPSS 0.00313
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 9 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

CVSS 9.8, EPSS 0.00426
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 16 views

CVE-2025-60236

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

CVSS 9.8, EPSS 0.00313
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 15 views

CVE-2025-60229

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

CVSS 9.8, EPSS 0.00426
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 8 views

CVE-2025-59554

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

CVSS 9.3, EPSS 0.00383
Exploits: 0, References: 1

OSV
added 2026/06/17 2:17 p.m., 4 views

UBUNTU-CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

CVSS 9.1, AI score 5.9, EPSS 0.00494
Exploits: 0, References: 2

CVE
added 2026/06/17 2:8 p.m., 13 views

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

CVSS 9.6, AI score 6.7, EPSS 0.00704
Exploits: 0, References: 3

Patchstack
added 2026/06/17 2:6 p.m., 6 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions <= 9.1.13.005...

CVSS 7.5, AI score 6, EPSS 0.00195
Exploits: 0, Affected Software: 1

Cvelist
added 2026/06/17 2:4 p.m., 18 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6, EPSS 0.0059
Exploits: 0, References: 1

EUVD
added 2026/06/17 2:4 p.m., 7 views

EUVD-2026-37720

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6, AI score 5.6, EPSS 0.0059
Exploits: 0, References: 1

CVE
added 2026/06/17 2:4 p.m., 59 views

CVE-2026-11311

CVE-2026-11311 affects NGINX Gateway Fabric when used with NGINX Plus. The vulnerability resides in the NGINX configuration generator: user-supplied values from the NginxProxy CRD serverTokens field and the AuthenticationFilter CRD extraAuthArgs field are rendered directly into NGINX configuratio...

CVSS 8.6, AI score 5.6, EPSS 0.0059
Exploits: 0, References: 1

Patchstack
added 2026/06/17 1:55 p.m., 5 views

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions <= 3.5.9...

CVSS 9.3, AI score 6, EPSS 0.00283
Exploits: 0, Affected Software: 1

EUVD
added 2026/06/17 1:51 p.m., 7 views

EUVD-2026-37714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

CVSS 9.3, AI score 5.6, EPSS 0.00241
Exploits: 0, References: 1

Cvelist
added 2026/06/17 1:51 p.m., 28 views

CVE-2026-54809 WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

CVSS 9.3, EPSS 0.00241
Exploits: 0, References: 1

EUVD
added 2026/06/17 1:51 p.m., 10 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

CVSS 9.3, AI score 5.6, EPSS 0.00317
Exploits: 0, References: 1

EUVD
added 2026/06/17 1:47 p.m., 9 views

EUVD-2025-210246

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

CVSS 9.8, AI score 5.2, EPSS 0.00313
Exploits: 0, References: 1

Cvelist
added 2026/06/17 1:47 p.m., 27 views

CVE-2025-60236 WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

CVSS 9.8, EPSS 0.00313
Exploits: 0, References: 1