Export limit exceeded: 85331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39554 2 Elated-themes, Wordpress 2 Fidalgo, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
CVE-2026-39567 2 Select-themes, Wordpress 2 Santé, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
CVE-2026-39568 2 Elated-themes, Wordpress 2 Mr Seo, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
CVE-2026-39577 2 Elated-themes, Wordpress 2 Playroom, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
CVE-2026-39578 2 Elated-themes, Wordpress 2 Valiance, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
CVE-2026-39580 2 Select-themes, Wordpress 2 Micdrop, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-40751 2 Mikado-themes, Wordpress 2 Ashtanga, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
CVE-2026-40755 2 Mikado-themes, Wordpress 2 Techlink, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
CVE-2026-40758 2 Elated-themes, Wordpress 2 Léonie, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
CVE-2026-40759 2 Mikado-themes, Wordpress 2 Esmée, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
CVE-2025-66391 1 Citrix 1 Citrix Cloud 2026-06-26 8.8 High
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
CVE-2025-26240 1 Jazzcore 1 Python-pdfkit 2026-06-26 8.4 High
In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.
CVE-2025-58952 2 Themerex, Wordpress 2 Neuronet, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
CVE-2025-58953 2 Themerex, Wordpress 2 Joly, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
CVE-2025-58954 2 Themerex, Wordpress 2 Homeroofer, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
CVE-2025-69117 2 Themerex, Wordpress 2 Ingenioso, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVE-2025-69145 2 Themerex, Wordpress 2 Gat, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
CVE-2025-69148 2 Themerex, Wordpress 2 Quirky, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.
CVE-2025-69172 2 Themerex, Wordpress 2 Resurs, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
CVE-2025-69173 2 Themerex, Wordpress 2 Tipsy, Wordpress 2026-06-26 8.1 High
Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.