CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39557
8.1 HIGH

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Jun 17, 2026
CVE-2026-39554
8.1 HIGH

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Jun 17, 2026
CVE-2026-39549
8.1 HIGH

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Jun 17, 2026
CVE-2026-39548
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Jun 17, 2026
CVE-2026-39547
8.1 HIGH

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Jun 17, 2026
CVE-2026-39546
7.6 HIGH

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

Jun 17, 2026
CVE-2026-39545
8.1 HIGH

Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.

Jun 17, 2026
CVE-2026-39539
8.1 HIGH

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Jun 17, 2026
CVE-2026-39537
8.1 HIGH

Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.

Jun 17, 2026
CVE-2026-39522
8.1 HIGH

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Jun 17, 2026
CVE-2026-39446
8.1 HIGH

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Jun 17, 2026
CVE-2026-39443
8.1 HIGH

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Jun 17, 2026
CVE-2026-34895
8.1 HIGH

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

Jun 17, 2026
CVE-2026-34894
8.1 HIGH

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

Jun 17, 2026
CVE-2026-34893
8.1 HIGH

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

Jun 17, 2026
CVE-2026-34888
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.

Jun 17, 2026
CVE-2026-28615
7.8 HIGH

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of …

Jun 17, 2026
CVE-2026-27400
8.6 HIGH

Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.

Jun 17, 2026
CVE-2026-25439
8.1 HIGH

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.

Jun 17, 2026
CVE-2026-22343
8.6 HIGH

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Jun 17, 2026
CVE-2026-22342
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Jun 17, 2026
CVE-2026-22339
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Jun 17, 2026
CVE-2026-22338
8.1 HIGH

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.

Jun 17, 2026
CVE-2026-22335
8.5 HIGH

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.

Jun 17, 2026
CVE-2026-22334
7.5 HIGH

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.

Jun 17, 2026
CVE-2026-22331
8.1 HIGH

Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.

Jun 17, 2026
CVE-2026-22330
8.1 HIGH

Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.

Jun 17, 2026
CVE-2026-22329
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.

Jun 17, 2026
CVE-2026-22328
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.

Jun 17, 2026
CVE-2026-22326
8.1 HIGH

Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.

Jun 17, 2026
CVE-2026-22325
8.1 HIGH

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.

Jun 17, 2026
CVE-2026-12468
8.3 HIGH

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12467
8.3 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12466
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 17, 2026
CVE-2026-12465
8.3 HIGH

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12464
8.3 HIGH

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12462
7.5 HIGH

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 17, 2026
CVE-2026-12455
7.5 HIGH

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 17, 2026
CVE-2026-12454
8.3 HIGH

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 17, 2026
CVE-2026-12452
8.8 HIGH

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 17, 2026
CVE-2026-12451
8.3 HIGH

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12449
7.8 HIGH

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious …

Jun 17, 2026
CVE-2026-12448
8.8 HIGH

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. …

Jun 17, 2026
CVE-2026-12447
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 17, 2026
CVE-2026-12445
7.5 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially …

Jun 17, 2026
CVE-2026-12443
8.8 HIGH

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. …

Jun 17, 2026
CVE-2026-12442
8.8 HIGH

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 17, 2026
CVE-2026-12441
8.8 HIGH

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a …

Jun 17, 2026
CVE-2026-12439
8.8 HIGH

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 17, 2026
CVE-2026-12438
8.3 HIGH

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.