CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-49079
9.3 CRITICAL

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

Jun 17, 2026
CVE-2026-49076
9.3 CRITICAL

Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

Jun 17, 2026
CVE-2026-49075
9.8 CRITICAL

Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

Jun 17, 2026
CVE-2026-49058
9.8 CRITICAL

Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.

Jun 17, 2026
CVE-2026-48875
9.3 CRITICAL

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.

Jun 17, 2026
CVE-2026-48781
9.9 CRITICAL

Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape …

Jun 17, 2026
CVE-2026-48745
9.3 CRITICAL

Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, …

Jun 17, 2026
CVE-2026-48616
9.3 CRITICAL

Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat …

Jun 17, 2026
CVE-2026-48055
10.0 CRITICAL

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was …

Jun 17, 2026
CVE-2026-42380
9.8 CRITICAL

Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.

Jun 17, 2026
CVE-2026-40783
9.9 CRITICAL

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.

Jun 17, 2026
CVE-2026-40749
9.9 CRITICAL

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Jun 17, 2026
CVE-2026-40748
9.9 CRITICAL

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Jun 17, 2026
CVE-2026-40747
9.9 CRITICAL

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Jun 17, 2026
CVE-2026-40746
9.9 CRITICAL

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Jun 17, 2026
CVE-2026-40725
9.8 CRITICAL

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Jun 17, 2026
CVE-2026-39596
9.3 CRITICAL

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Jun 17, 2026
CVE-2026-39589
9.9 CRITICAL

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Jun 17, 2026
CVE-2026-39529
9.8 CRITICAL

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Jun 17, 2026
CVE-2026-39438
9.3 CRITICAL

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Jun 17, 2026
CVE-2026-32967
9.1 CRITICAL

Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, …

Jun 17, 2026
CVE-2026-32966
9.8 CRITICAL

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended …

Jun 17, 2026
CVE-2026-27429
9.8 CRITICAL

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Jun 17, 2026
CVE-2026-27395
9.8 CRITICAL

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

Jun 17, 2026
CVE-2026-27041
9.9 CRITICAL

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.

Jun 17, 2026
CVE-2026-25470
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This …

Jun 17, 2026
CVE-2026-25446
9.9 CRITICAL

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Jun 17, 2026
CVE-2026-24611
9.1 CRITICAL

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Jun 17, 2026
CVE-2026-22340
9.3 CRITICAL

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Jun 17, 2026
CVE-2026-22332
9.3 CRITICAL

Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.

Jun 17, 2026
CVE-2026-22327
9.9 CRITICAL

Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.

Jun 17, 2026
CVE-2026-12440
9.6 CRITICAL

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 17, 2026
CVE-2026-10094
9.8 CRITICAL

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files …

Jun 17, 2026
CVE-2025-69179
9.8 CRITICAL

Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.

Jun 17, 2026
CVE-2025-69129
10.0 CRITICAL

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.

Jun 17, 2026
CVE-2025-69122
9.8 CRITICAL

Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.

Jun 17, 2026
CVE-2025-69108
9.8 CRITICAL

Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.

Jun 17, 2026
CVE-2025-60218
9.9 CRITICAL

Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.

Jun 17, 2026
CVE-2025-60205
9.8 CRITICAL

Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.

Jun 17, 2026
CVE-2024-52488
9.9 CRITICAL

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

Jun 17, 2026
CVE-2026-46978
10.0 CRITICAL

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46964
9.9 CRITICAL

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. …

Jun 17, 2026
CVE-2026-46963
9.9 CRITICAL

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. …

Jun 17, 2026
CVE-2026-46949
9.1 CRITICAL

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …

Jun 17, 2026
CVE-2026-46946
9.1 CRITICAL

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …

Jun 17, 2026
CVE-2026-46945
9.1 CRITICAL

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …

Jun 17, 2026
CVE-2026-46944
9.1 CRITICAL

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …

Jun 17, 2026
CVE-2026-46933
9.9 CRITICAL

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46930
9.1 CRITICAL

Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. …

Jun 17, 2026
CVE-2026-46919
9.8 CRITICAL

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.