CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39523
8.1 HIGH

Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.

Jun 17, 2026
CVE-2026-39445
8.1 HIGH

Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

Jun 17, 2026
CVE-2026-39442
8.1 HIGH

Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.

Jun 17, 2026
CVE-2026-10641
7.1 HIGH

Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses …

Jun 17, 2026
CVE-2025-69189
7.3 HIGH

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.

Jun 17, 2026
CVE-2025-69175
8.1 HIGH

Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.

Jun 17, 2026
CVE-2025-69174
8.1 HIGH

Unauthenticated Local File Inclusion in Etude <= 1.6 versions.

Jun 17, 2026
CVE-2025-69170
8.1 HIGH

Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.

Jun 17, 2026
CVE-2025-69166
8.1 HIGH

Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.

Jun 17, 2026
CVE-2025-69164
8.1 HIGH

Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.

Jun 17, 2026
CVE-2025-69158
8.1 HIGH

Unauthenticated Local File Inclusion in Granola <= 1.13 versions.

Jun 17, 2026
CVE-2025-69157
8.1 HIGH

Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.

Jun 17, 2026
CVE-2025-69144
8.1 HIGH

Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.

Jun 17, 2026
CVE-2025-69140
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.

Jun 17, 2026
CVE-2025-69130
8.8 HIGH

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.

Jun 17, 2026
CVE-2025-69128
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through …

Jun 17, 2026
CVE-2025-69127
9.8 CRITICAL

Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.

Jun 17, 2026
CVE-2025-69126
8.1 HIGH

Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.

Jun 17, 2026
CVE-2025-69123
8.1 HIGH

Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.

Jun 17, 2026
CVE-2025-69120
8.1 HIGH

Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.

Jun 17, 2026
CVE-2025-69115
8.1 HIGH

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.

Jun 17, 2026
CVE-2025-69111
9.8 CRITICAL

Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.

Jun 17, 2026
CVE-2025-69106
8.1 HIGH

Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.

Jun 17, 2026
CVE-2025-68524
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.

Jun 17, 2026
CVE-2025-66391
8.8 HIGH

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send …

Jun 17, 2026
CVE-2025-60236
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.

Jun 17, 2026
CVE-2025-60231
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1.

Jun 17, 2026
CVE-2025-60230
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.

Jun 17, 2026
CVE-2025-60229
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.

Jun 17, 2026
CVE-2025-59554
9.3 CRITICAL

Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.

Jun 17, 2026
CVE-2025-15657
5.3 MEDIUM

Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.

Jun 17, 2026
CVE-2026-9690
7.5 HIGH

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

Jun 17, 2026
CVE-2026-9570
7.1 HIGH

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one …

Jun 17, 2026
CVE-2026-8607
6.4 MEDIUM

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' …

Jun 17, 2026
CVE-2026-8494
6.4 MEDIUM

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions …

Jun 17, 2026
CVE-2026-8383
5.3 MEDIUM

The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors …

Jun 17, 2026
CVE-2026-8317

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 17, 2026
CVE-2026-8089
7.1 HIGH

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before …

Jun 17, 2026
CVE-2026-7850
5.9 MEDIUM

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load …

Jun 17, 2026
CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan …

Jun 17, 2026
CVE-2026-55706
5.8 MEDIUM

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

Jun 17, 2026
CVE-2026-54811
9.3 CRITICAL

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

Jun 17, 2026
CVE-2026-54807
9.8 CRITICAL

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Jun 17, 2026
CVE-2026-54806
9.8 CRITICAL

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

Jun 17, 2026
CVE-2026-54805
8.8 HIGH

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Jun 17, 2026
CVE-2026-54804
7.6 HIGH

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Jun 17, 2026
CVE-2026-54803
9.8 CRITICAL

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Jun 17, 2026
CVE-2026-54802
7.5 HIGH

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Jun 17, 2026
CVE-2026-54196
6.8 MEDIUM

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Jun 17, 2026
CVE-2026-54195
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.