Lucene search
K

363779 matches found

NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2025-69111

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-69123

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.7 views

CVE-2025-69120

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.18 views

CVE-2025-60236

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

9.8CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.5 views

CVE-2025-69106

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.7 views

CVE-2025-60231

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...

9.8CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2025-66391

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...

8.8CVSS0.00383EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-68524

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.18 views

CVE-2025-60229

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2025-59554

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-15657

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.8 views

CVE-2026-9690

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.9 views

CVE-2026-8607

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.00269EPSS
Exploits0References8
NVD
NVD
added 2026/06/17 1:21 p.m.10 views

CVE-2026-9570

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.6 views

CVE-2026-8317

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 2026/06/17 1:21 p.m.10 views

CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 1:21 p.m.11 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3CVSS0.00424EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.8 views

CVE-2026-8089

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

7.1CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.8 views

CVE-2026-7850

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.9CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-55706

sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...

5.8CVSS0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-54811

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54805

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS0.00389EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-54807

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS0.0045EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54804

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS0.00381EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS0.0045EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-54806

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS0.00588EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-54192

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54188

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54195

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-54194

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

9.8CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-54189

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54187

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54186

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54185

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-52705

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS0.01786EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-54184

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-52706

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS0.00466EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-52698

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-50203

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS0.00626EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-49107

Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...

9.8CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-49084

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-49081

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...

8.2CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-49113

Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...

8.5CVSS0.00371EPSS
Exploits0References1
Total number of security vulnerabilities363779