CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-54816

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS0.00292EPSS

CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS0.00241EPSS

CVE-2026-40733

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS0.00308EPSS

NVD•added 5 days ago•7 views

CVE-2026-39556

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS0.00308EPSS

CVE-2025-69166

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS0.00435EPSS

CVE-2025-69170

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS0.00348EPSS

CVE-2025-69174

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS0.00348EPSS

NVD•added 5 days ago•8 views

CVE-2025-69164

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS0.00348EPSS

NVD•added 5 days ago•8 views

CVE-2025-69157

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS0.00435EPSS

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS0.00386EPSS

CVE-2025-69120

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS0.00435EPSS

NVD•added 5 days ago•4 views

CVE-2025-66391

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...

8.8CVSS0.00383EPSS

Exploits0References2

CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS