CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8041 matches found

Cvelist•added 6 days ago•25 views

CVE-2026-40735 WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reina = 2.1 versions...

8.1CVSS0.00395EPSS

Exploits0References1

CVE•added 6 days ago•9 views

CVE-2026-40735

Summary: CVE-2026-40735 concerns unauthenticated PHP Object Injection in WordPress Reina theme versions <= 2.1. The vulnerability is tied to the Reina plugin/theme codebase and is described as an unauthenticated PHP Object Injection, with CVSSv3.1 impact vector indicating high severity (8.1 ba...

8.1CVSS5.3AI score0.00395EPSS

Exploits0References1

Cvelist•added 6 days ago•23 views

CVE-2026-40725 WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WooCommerce Product Filters 2.0.6 versions...

9.8CVSS0.00375EPSS

Exploits0References1

CVE•added 6 days ago•9 views

CVE-2026-40725

CVE-2026-40725 affects the WordPress WooCommerce Product Filters plugin (versions

9.8CVSS5.3AI score0.00375EPSS

Exploits0References1

Cvelist•added 6 days ago•25 views

CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

8.1CVSS0.00395EPSS

Exploits0References1

CVE•added 6 days ago•6 views

CVE-2026-39573

CVE-2026-39573 : Unauthenticated PHP Object Injection in WordPress Mildhill theme <= 1.5. Affected component: Mildhill theme (WordPress). Root cause: PHP Object Injection vulnerability. Impact: high across confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/...

8.1CVSS5.3AI score0.00395EPSS

Exploits0References1

Cvelist•added 6 days ago•24 views

CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...

8.1CVSS0.00395EPSS

Exploits0References1

CVE•added 6 days ago•8 views

CVE-2026-39545

The CVE-2026-39545 entry affects the WordPress Zermatt theme (versions <= 1.6.1) and describes an unauthenticated PHP Object Injection vulnerability in Zermatt

8.1CVSS5.3AI score0.00395EPSS

Exploits0References1

Cvelist•added 6 days ago•26 views

CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS0.00525EPSS

Exploits0References1

CVE•added 6 days ago•7 views

CVE-2025-60205

The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version

9.8CVSS5.3AI score0.00525EPSS

Exploits0References1

CVE•added 6 days ago•11 views

CVE-2026-12115

The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...

6.6CVSS6AI score0.0074EPSS

Exploits0References6

Cvelist•added 6 days ago•28 views

CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS0.0074EPSS

Exploits0References6

Positive Technologies•added 6 days ago•14 views

PT-2026-50404

Name of the Vulnerable Software and Affected Versions ShiftUp versions 1.3 and earlier Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input is passed to the unserialize function without proper validation, potentiall...

8.1CVSS5.7AI score0.00308EPSS

Exploits0References3

Positive Technologies•added 6 days ago•14 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score

Exploits0References3

Cvelist•added last week•18 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS0.0032EPSS

Exploits0References1

CVE•added last week•9 views

CVE-2026-40761

WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions

8.1CVSS5.3AI score0.0032EPSS

Exploits0References1

Cvelist•added last week•18 views

CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold = 1.5 versions...

8.1CVSS0.0032EPSS

Exploits0References1

Cvelist•added last week•19 views

CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée = 1.4 versions...

8.1CVSS0.0032EPSS

Exploits0References1