CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-69107
8.1 HIGH

Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.

Jun 17, 2026
CVE-2025-69105
8.1 HIGH

Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.

Jun 17, 2026
CVE-2025-69104
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.

Jun 17, 2026
CVE-2025-69103
7.5 HIGH

Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.

Jun 17, 2026
CVE-2025-62340
3.1 LOW

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions …

Jun 17, 2026
CVE-2025-60223
7.7 HIGH

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.

Jun 17, 2026
CVE-2025-60218
9.9 CRITICAL

Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.

Jun 17, 2026
CVE-2025-60205
9.8 CRITICAL

Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.

Jun 17, 2026
CVE-2025-60085
8.1 HIGH

Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.

Jun 17, 2026
CVE-2025-59872
4.3 MEDIUM

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible …

Jun 17, 2026
CVE-2025-59563
8.8 HIGH

Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.

Jun 17, 2026
CVE-2025-59560
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.

Jun 17, 2026
CVE-2025-58954
8.1 HIGH

Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.

Jun 17, 2026
CVE-2025-58953
8.1 HIGH

Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.

Jun 17, 2026
CVE-2025-58952
8.1 HIGH

Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.

Jun 17, 2026
CVE-2025-58924
8.1 HIGH

Unauthenticated Local File Inclusion in Geya <= 1.15 versions.

Jun 17, 2026
CVE-2025-49403
7.5 HIGH

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.

Jun 17, 2026
CVE-2025-48643
7.8 HIGH

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional …

Jun 17, 2026
CVE-2025-48640
8.0 HIGH

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) …

Jun 17, 2026
CVE-2025-48617
7.8 HIGH

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of …

Jun 17, 2026
CVE-2025-48571
4.3 MEDIUM

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. …

Jun 17, 2026
CVE-2025-31013
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through …

Jun 17, 2026
CVE-2025-15642

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing …

Jun 17, 2026
CVE-2025-15641

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with …

Jun 17, 2026
CVE-2024-52488
9.9 CRITICAL

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

Jun 17, 2026
CVE-2024-49269
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.

Jun 17, 2026
CVE-2024-37496
4.3 MEDIUM

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.

Jun 17, 2026
CVE-2024-37210
6.5 MEDIUM

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.

Jun 17, 2026
CVE-2024-35690
6.5 MEDIUM

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through …

Jun 17, 2026
CVE-2024-35648
4.3 MEDIUM

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through …

Jun 17, 2026
CVE-2024-34810
4.3 MEDIUM

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

Jun 17, 2026
CVE-2024-33909
5.3 MEDIUM

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.

Jun 17, 2026
CVE-2024-33685
4.3 MEDIUM

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.

Jun 17, 2026
CVE-2024-32949
8.3 HIGH

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through …

Jun 17, 2026
CVE-2024-32729
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational …

Jun 17, 2026
CVE-2024-31435
4.3 MEDIUM

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & …

Jun 17, 2026
CVE-2024-24709
4.3 MEDIUM

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.

Jun 17, 2026
CVE-2026-48776
4.2 MEDIUM

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior …

Jun 17, 2026
CVE-2026-48294
7.4 HIGH

Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to …

Jun 17, 2026
CVE-2026-46979
6.5 MEDIUM

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily …

Jun 17, 2026
CVE-2026-46978
10.0 CRITICAL

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46977
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46976
7.2 HIGH

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …

Jun 17, 2026
CVE-2026-46974
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows …

Jun 17, 2026
CVE-2026-46973
8.8 HIGH

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily …

Jun 17, 2026
CVE-2026-46972
8.8 HIGH

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily …

Jun 17, 2026
CVE-2026-46971
7.5 HIGH

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability …

Jun 17, 2026
CVE-2026-46970
7.2 HIGH

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46969
7.2 HIGH

Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …

Jun 17, 2026
CVE-2026-46967
8.8 HIGH

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.