CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-54805
8.8 HIGH

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Jun 17, 2026
CVE-2026-54804
7.6 HIGH

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Jun 17, 2026
CVE-2026-54802
7.5 HIGH

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Jun 17, 2026
CVE-2026-54195
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Jun 17, 2026
CVE-2026-54192
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Jun 17, 2026
CVE-2026-54189
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Jun 17, 2026
CVE-2026-54188
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Jun 17, 2026
CVE-2026-54185
8.5 HIGH

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Jun 17, 2026
CVE-2026-54184
8.2 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Jun 17, 2026
CVE-2026-53876
7.2 HIGH

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by …

Jun 17, 2026
CVE-2026-52698
7.4 HIGH

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions.

Jun 17, 2026
CVE-2026-52696
7.5 HIGH

Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.

Jun 17, 2026
CVE-2026-49778
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.

Jun 17, 2026
CVE-2026-49113
8.5 HIGH

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

Jun 17, 2026
CVE-2026-49081
8.2 HIGH

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.

Jun 17, 2026
CVE-2026-49074
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

Jun 17, 2026
CVE-2026-49073
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist …

Jun 17, 2026
CVE-2026-49057
7.5 HIGH

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

Jun 17, 2026
CVE-2026-48967
8.5 HIGH

Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

Jun 17, 2026
CVE-2026-48929
7.5 HIGH

Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any …

Jun 17, 2026
CVE-2026-48869
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.

Jun 17, 2026
CVE-2026-48788
8.2 HIGH

Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site …

Jun 17, 2026
CVE-2026-48779
7.5 HIGH

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to …

Jun 17, 2026
CVE-2026-42629
8.8 HIGH

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.

Jun 17, 2026
CVE-2026-42385
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.

Jun 17, 2026
CVE-2026-41557
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

Jun 17, 2026
CVE-2026-40768
7.3 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Jun 17, 2026
CVE-2026-40765
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Jun 17, 2026
CVE-2026-40761
8.1 HIGH

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Jun 17, 2026
CVE-2026-40760
8.1 HIGH

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Jun 17, 2026
CVE-2026-40759
8.1 HIGH

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Jun 17, 2026
CVE-2026-40758
8.1 HIGH

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Jun 17, 2026
CVE-2026-40755
8.1 HIGH

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Jun 17, 2026
CVE-2026-40754
8.1 HIGH

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Jun 17, 2026
CVE-2026-40753
8.1 HIGH

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-40751
8.1 HIGH

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Jun 17, 2026
CVE-2026-40739
8.1 HIGH

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Jun 17, 2026
CVE-2026-40736
8.1 HIGH

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-40735
8.1 HIGH

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Jun 17, 2026
CVE-2026-40731
8.1 HIGH

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Jun 17, 2026
CVE-2026-40726
8.2 HIGH

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Jun 17, 2026
CVE-2026-40721
7.5 HIGH

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

Jun 17, 2026
CVE-2026-39598
8.0 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue …

Jun 17, 2026
CVE-2026-39597
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Jun 17, 2026
CVE-2026-39582
8.1 HIGH

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Jun 17, 2026
CVE-2026-39580
8.1 HIGH

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Jun 17, 2026
CVE-2026-39573
8.1 HIGH

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Jun 17, 2026
CVE-2026-39568
8.1 HIGH

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Jun 17, 2026
CVE-2026-39567
8.1 HIGH

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-39558
8.1 HIGH

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.