CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12437
8.3 HIGH

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 17, 2026
CVE-2026-12360
7.5 HIGH

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query …

Jun 17, 2026
CVE-2026-12256
8.8 HIGH

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

Jun 17, 2026
CVE-2026-12199
7.5 HIGH

A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. …

Jun 17, 2026
CVE-2026-12165
8.8 HIGH

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions …

Jun 17, 2026
CVE-2026-0083
7.0 HIGH

In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with …

Jun 17, 2026
CVE-2026-0082
7.8 HIGH

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local …

Jun 17, 2026
CVE-2026-0081
7.8 HIGH

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of …

Jun 17, 2026
CVE-2026-0071
7.8 HIGH

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege …

Jun 17, 2026
CVE-2026-0068
7.8 HIGH

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from …

Jun 17, 2026
CVE-2026-0063
7.8 HIGH

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to …

Jun 17, 2026
CVE-2026-0019
7.8 HIGH

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation …

Jun 17, 2026
CVE-2025-69178
8.1 HIGH

Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.

Jun 17, 2026
CVE-2025-69177
8.1 HIGH

Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.

Jun 17, 2026
CVE-2025-69176
8.1 HIGH

Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.

Jun 17, 2026
CVE-2025-69173
8.1 HIGH

Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.

Jun 17, 2026
CVE-2025-69172
8.1 HIGH

Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.

Jun 17, 2026
CVE-2025-69171
8.1 HIGH

Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.

Jun 17, 2026
CVE-2025-69168
8.1 HIGH

Unauthenticated Local File Inclusion in Spike <= 1.2 versions.

Jun 17, 2026
CVE-2025-69167
8.1 HIGH

Unauthenticated Local File Inclusion in Eros <= 1.3 versions.

Jun 17, 2026
CVE-2025-69165
8.1 HIGH

Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.

Jun 17, 2026
CVE-2025-69163
8.1 HIGH

Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.

Jun 17, 2026
CVE-2025-69162
8.1 HIGH

Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.

Jun 17, 2026
CVE-2025-69161
8.1 HIGH

Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.

Jun 17, 2026
CVE-2025-69160
8.1 HIGH

Unauthenticated Local File Inclusion in Gita <= 1.11 versions.

Jun 17, 2026
CVE-2025-69159
8.1 HIGH

Unauthenticated Local File Inclusion in Printo <= 1.11 versions.

Jun 17, 2026
CVE-2025-69151
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.

Jun 17, 2026
CVE-2025-69150
8.1 HIGH

Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.

Jun 17, 2026
CVE-2025-69149
8.1 HIGH

Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.

Jun 17, 2026
CVE-2025-69148
8.1 HIGH

Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.

Jun 17, 2026
CVE-2025-69147
8.1 HIGH

Unauthenticated Local File Inclusion in Putter <= 1.17 versions.

Jun 17, 2026
CVE-2025-69146
8.1 HIGH

Unauthenticated Local File Inclusion in Dom <= 1.24 versions.

Jun 17, 2026
CVE-2025-69145
8.1 HIGH

Unauthenticated Local File Inclusion in Gat <= 1.16 versions.

Jun 17, 2026
CVE-2025-69143
8.1 HIGH

Unauthenticated Local File Inclusion in Mission <= 1.22 versions.

Jun 17, 2026
CVE-2025-69142
8.1 HIGH

Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.

Jun 17, 2026
CVE-2025-69141
8.1 HIGH

Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.

Jun 17, 2026
CVE-2025-69139
8.6 HIGH

Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.

Jun 17, 2026
CVE-2025-69138
8.8 HIGH

Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.

Jun 17, 2026
CVE-2025-69136
8.1 HIGH

Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.

Jun 17, 2026
CVE-2025-69135
8.5 HIGH

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.

Jun 17, 2026
CVE-2025-69131
7.5 HIGH

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.

Jun 17, 2026
CVE-2025-69125
8.1 HIGH

Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.

Jun 17, 2026
CVE-2025-69124
8.1 HIGH

Unauthenticated Local File Inclusion in Especio <= 1.0 versions.

Jun 17, 2026
CVE-2025-69121
8.1 HIGH

Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.

Jun 17, 2026
CVE-2025-69119
8.1 HIGH

Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.

Jun 17, 2026
CVE-2025-69118
8.1 HIGH

Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.

Jun 17, 2026
CVE-2025-69117
8.1 HIGH

Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.

Jun 17, 2026
CVE-2025-69116
8.1 HIGH

Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.

Jun 17, 2026
CVE-2025-69114
8.1 HIGH

Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.

Jun 17, 2026
CVE-2025-69113
8.1 HIGH

Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.