CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-35066
7.1 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to …

Jun 17, 2026
CVE-2026-35065
8.8 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, …

Jun 17, 2026
CVE-2026-32804
8.1 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized …

Jun 17, 2026
CVE-2026-22283
7.5 HIGH

Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could …

Jun 17, 2026
CVE-2026-11311
8.1 HIGH

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX …

Jun 17, 2026
CVE-2026-55738
8.8 HIGH

A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of …

Jun 17, 2026
CVE-2026-54818
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat …

Jun 17, 2026
CVE-2026-54816
7.5 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through …

Jun 17, 2026
CVE-2026-54814
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue …

Jun 17, 2026
CVE-2026-54813
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: …

Jun 17, 2026
CVE-2026-54417
7.5 HIGH

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU …

Jun 17, 2026
CVE-2026-54193
7.7 HIGH

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

Jun 17, 2026
CVE-2026-52707
8.1 HIGH

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Jun 17, 2026
CVE-2026-40757
8.1 HIGH

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Jun 17, 2026
CVE-2026-40756
8.1 HIGH

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Jun 17, 2026
CVE-2026-40752
8.1 HIGH

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Jun 17, 2026
CVE-2026-40738
8.1 HIGH

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Jun 17, 2026
CVE-2026-40733
8.1 HIGH

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Jun 17, 2026
CVE-2026-40720
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Jun 17, 2026
CVE-2026-39590
8.1 HIGH

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Jun 17, 2026
CVE-2026-39576
8.1 HIGH

Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

Jun 17, 2026
CVE-2026-39560
8.1 HIGH

Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-39559
8.1 HIGH

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

Jun 17, 2026
CVE-2026-39556
8.1 HIGH

Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.

Jun 17, 2026
CVE-2026-39523
8.1 HIGH

Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.

Jun 17, 2026
CVE-2026-39445
8.1 HIGH

Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

Jun 17, 2026
CVE-2026-39442
8.1 HIGH

Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.

Jun 17, 2026
CVE-2026-10641
7.1 HIGH

Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses …

Jun 17, 2026
CVE-2025-69189
7.3 HIGH

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.

Jun 17, 2026
CVE-2025-69175
8.1 HIGH

Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.

Jun 17, 2026
CVE-2025-69174
8.1 HIGH

Unauthenticated Local File Inclusion in Etude <= 1.6 versions.

Jun 17, 2026
CVE-2025-69170
8.1 HIGH

Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.

Jun 17, 2026
CVE-2025-69166
8.1 HIGH

Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.

Jun 17, 2026
CVE-2025-69164
8.1 HIGH

Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.

Jun 17, 2026
CVE-2025-69158
8.1 HIGH

Unauthenticated Local File Inclusion in Granola <= 1.13 versions.

Jun 17, 2026
CVE-2025-69157
8.1 HIGH

Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.

Jun 17, 2026
CVE-2025-69144
8.1 HIGH

Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.

Jun 17, 2026
CVE-2025-69140
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.

Jun 17, 2026
CVE-2025-69130
8.8 HIGH

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.

Jun 17, 2026
CVE-2025-69128
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through …

Jun 17, 2026
CVE-2025-69126
8.1 HIGH

Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.

Jun 17, 2026
CVE-2025-69123
8.1 HIGH

Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.

Jun 17, 2026
CVE-2025-69120
8.1 HIGH

Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.

Jun 17, 2026
CVE-2025-69115
8.1 HIGH

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.

Jun 17, 2026
CVE-2025-69106
8.1 HIGH

Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.

Jun 17, 2026
CVE-2025-68524
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.

Jun 17, 2026
CVE-2025-66391
8.8 HIGH

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send …

Jun 17, 2026
CVE-2026-9690
7.5 HIGH

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

Jun 17, 2026
CVE-2026-9570
7.1 HIGH

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one …

Jun 17, 2026
CVE-2026-8089
7.1 HIGH

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.