CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

911 matches found

EUVD•added 3 days ago•4 views

EUVD-2026-39778

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS5.8AI score0.00325EPSS

Exploits0References2

NVD•added 3 days ago•5 views

CVE-2026-57635

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

6.5CVSS0.00123EPSS

Exploits0References1

EUVD•added 3 days ago•6 views

EUVD-2026-39764

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS5.8AI score0.00213EPSS

Exploits0References1

Cvelist•added 3 days ago•33 views

CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS0.00181EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-39694

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS5.8AI score0.00317EPSS

Exploits0References1

CVE•added 3 days ago•11 views

CVE-2026-52701

CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions

6.5CVSS5.8AI score0.00194EPSS

Exploits0References1

EUVD•added 4 days ago•4 views

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS

Exploits0References1

Patchstack•added 5 days ago•7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS6AI score0.00376EPSS

Exploits0References1Affected Software1

NVD•added 2026/06/17 2:17 p.m.•8 views

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS0.00482EPSS

Exploits0References1

NVD•added 2026/06/17 2:17 p.m.•9 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•8 views

CVE-2026-22329

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

7.1CVSS0.00186EPSS

Exploits0References1

NVD•added 2026/06/17 1:19 p.m.•10 views

CVE-2025-69125

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

8.1CVSS0.00348EPSS

Exploits0References1

Cvelist•added 2026/06/17 12:47 p.m.•28 views

CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS0.00308EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:57 p.m.•19 views

CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée = 1.4 versions...

8.1CVSS0.0032EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:57 p.m.•20 views

CVE-2026-40755 WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink = 1.3 versions...

8.1CVSS0.0025EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:57 p.m.•18 views

CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

9.8CVSS0.00556EPSS

Exploits0References1

CVE•added 2026/06/16 8:57 p.m.•14 views

CVE-2025-69160

CVE-2025-69160 : Unauthenticated Local File Inclusion in WordPress Gita theme

8.1CVSS5.1AI score0.00435EPSS

Exploits0References1

CVE•added 2026/06/16 8:57 p.m.•12 views

CVE-2025-69149

Technical details about CVE-2025-69149 (Top Dog theme LFI) are not publicly provided in the supplied documents. Please monitor official advisories and vendor patches for affected versions.

8.1CVSS5.2AI score0.00435EPSS

Exploits0References1

CVE•added 2026/06/16 8:57 p.m.•9 views

CVE-2025-69131

Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions

7.5CVSS5.2AI score0.00467EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:56 p.m.•19 views

CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...

7.1CVSS0.00237EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by