CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42357
6.5 MEDIUM

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler …

Jun 17, 2026
CVE-2026-41557
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

Jun 17, 2026
CVE-2026-41280
4.9 MEDIUM

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. …

Jun 17, 2026
CVE-2026-40783
9.9 CRITICAL

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.

Jun 17, 2026
CVE-2026-40768
7.3 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Jun 17, 2026
CVE-2026-40765
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Jun 17, 2026
CVE-2026-40761
8.1 HIGH

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Jun 17, 2026
CVE-2026-40760
8.1 HIGH

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Jun 17, 2026
CVE-2026-40759
8.1 HIGH

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Jun 17, 2026
CVE-2026-40758
8.1 HIGH

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Jun 17, 2026
CVE-2026-40755
8.1 HIGH

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Jun 17, 2026
CVE-2026-40754
8.1 HIGH

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Jun 17, 2026
CVE-2026-40753
8.1 HIGH

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-40751
8.1 HIGH

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Jun 17, 2026
CVE-2026-40749
9.9 CRITICAL

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Jun 17, 2026
CVE-2026-40748
9.9 CRITICAL

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Jun 17, 2026
CVE-2026-40747
9.9 CRITICAL

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Jun 17, 2026
CVE-2026-40746
9.9 CRITICAL

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Jun 17, 2026
CVE-2026-40739
8.1 HIGH

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Jun 17, 2026
CVE-2026-40736
8.1 HIGH

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-40735
8.1 HIGH

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Jun 17, 2026
CVE-2026-40731
8.1 HIGH

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Jun 17, 2026
CVE-2026-40726
8.2 HIGH

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Jun 17, 2026
CVE-2026-40725
9.8 CRITICAL

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Jun 17, 2026
CVE-2026-40724
6.5 MEDIUM

CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.

Jun 17, 2026
CVE-2026-40723
4.3 MEDIUM

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.

Jun 17, 2026
CVE-2026-40722
5.5 MEDIUM

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a …

Jun 17, 2026
CVE-2026-40721
7.5 HIGH

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

Jun 17, 2026
CVE-2026-39598
8.0 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue …

Jun 17, 2026
CVE-2026-39597
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Jun 17, 2026
CVE-2026-39596
9.3 CRITICAL

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Jun 17, 2026
CVE-2026-39595
4.7 MEDIUM

Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.

Jun 17, 2026
CVE-2026-39589
9.9 CRITICAL

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Jun 17, 2026
CVE-2026-39582
8.1 HIGH

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Jun 17, 2026
CVE-2026-39580
8.1 HIGH

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Jun 17, 2026
CVE-2026-39578
5.5 MEDIUM

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Jun 17, 2026
CVE-2026-39577
5.5 MEDIUM

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Jun 17, 2026
CVE-2026-39573
8.1 HIGH

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Jun 17, 2026
CVE-2026-39568
8.1 HIGH

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Jun 17, 2026
CVE-2026-39567
8.1 HIGH

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-39558
8.1 HIGH

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Jun 17, 2026
CVE-2026-39557
8.1 HIGH

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Jun 17, 2026
CVE-2026-39554
8.1 HIGH

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Jun 17, 2026
CVE-2026-39549
8.1 HIGH

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Jun 17, 2026
CVE-2026-39548
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Jun 17, 2026
CVE-2026-39547
8.1 HIGH

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Jun 17, 2026
CVE-2026-39546
7.6 HIGH

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

Jun 17, 2026
CVE-2026-39545
8.1 HIGH

Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.

Jun 17, 2026
CVE-2026-39539
8.1 HIGH

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Jun 17, 2026
CVE-2026-39537
8.1 HIGH

Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.