CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39529
9.8 CRITICAL

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Jun 17, 2026
CVE-2026-39522
8.1 HIGH

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Jun 17, 2026
CVE-2026-39446
8.1 HIGH

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Jun 17, 2026
CVE-2026-39443
8.1 HIGH

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Jun 17, 2026
CVE-2026-39438
9.3 CRITICAL

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Jun 17, 2026
CVE-2026-39433
6.5 MEDIUM

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

Jun 17, 2026
CVE-2026-34895
8.1 HIGH

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

Jun 17, 2026
CVE-2026-34894
8.1 HIGH

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

Jun 17, 2026
CVE-2026-34893
8.1 HIGH

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

Jun 17, 2026
CVE-2026-34888
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.

Jun 17, 2026
CVE-2026-32967
9.1 CRITICAL

Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, …

Jun 17, 2026
CVE-2026-32966
9.8 CRITICAL

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended …

Jun 17, 2026
CVE-2026-2604
5.6 MEDIUM

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious …

Jun 17, 2026
CVE-2026-28615
7.8 HIGH

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of …

Jun 17, 2026
CVE-2026-28587
5.5 MEDIUM

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information …

Jun 17, 2026
CVE-2026-28576
5.5 MEDIUM

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with …

Jun 17, 2026
CVE-2026-28575
5.5 MEDIUM

In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial …

Jun 17, 2026
CVE-2026-27870

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the …

Jun 17, 2026
CVE-2026-27869

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has …

Jun 17, 2026
CVE-2026-27868

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has …

Jun 17, 2026
CVE-2026-27429
9.8 CRITICAL

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Jun 17, 2026
CVE-2026-27410
6.5 MEDIUM

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

Jun 17, 2026
CVE-2026-27400
8.6 HIGH

Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.

Jun 17, 2026
CVE-2026-27395
9.8 CRITICAL

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

Jun 17, 2026
CVE-2026-27041
9.9 CRITICAL

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.

Jun 17, 2026
CVE-2026-25470
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This …

Jun 17, 2026
CVE-2026-25446
9.9 CRITICAL

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Jun 17, 2026
CVE-2026-25439
8.1 HIGH

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.

Jun 17, 2026
CVE-2026-24611
9.1 CRITICAL

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Jun 17, 2026
CVE-2026-24610
4.3 MEDIUM

Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.

Jun 17, 2026
CVE-2026-24575
4.3 MEDIUM

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.

Jun 17, 2026
CVE-2026-22343
8.6 HIGH

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Jun 17, 2026
CVE-2026-22342
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Jun 17, 2026
CVE-2026-22340
9.3 CRITICAL

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Jun 17, 2026
CVE-2026-22339
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Jun 17, 2026
CVE-2026-22338
8.1 HIGH

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.

Jun 17, 2026
CVE-2026-22335
8.5 HIGH

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.

Jun 17, 2026
CVE-2026-22334
7.5 HIGH

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.

Jun 17, 2026
CVE-2026-22332
9.3 CRITICAL

Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.

Jun 17, 2026
CVE-2026-22331
8.1 HIGH

Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.

Jun 17, 2026
CVE-2026-22330
8.1 HIGH

Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.

Jun 17, 2026
CVE-2026-22329
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.

Jun 17, 2026
CVE-2026-22328
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.

Jun 17, 2026
CVE-2026-22327
9.9 CRITICAL

Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.

Jun 17, 2026
CVE-2026-22326
8.1 HIGH

Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.

Jun 17, 2026
CVE-2026-22325
8.1 HIGH

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.

Jun 17, 2026
CVE-2026-12491
4.8 MEDIUM

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF …

Jun 17, 2026
CVE-2026-12469
4.3 MEDIUM

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. …

Jun 17, 2026
CVE-2026-12468
8.3 HIGH

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12467
8.3 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.