Export limit exceeded: 359291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359291 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69146 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dom <= 1.24 versions. | ||||
| CVE-2025-69147 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Putter <= 1.17 versions. | ||||
| CVE-2025-69149 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions. | ||||
| CVE-2025-69150 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Medeus <= 1.14 versions. | ||||
| CVE-2025-69151 | 2 Themegoods, Wordpress | 2 Grand Car Rental, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions. | ||||
| CVE-2026-8089 | 2026-06-17 | 7.1 High | ||
| The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL. | ||||
| CVE-2025-69159 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Printo <= 1.11 versions. | ||||
| CVE-2025-69160 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Gita <= 1.11 versions. | ||||
| CVE-2025-69162 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Grecko <= 5.17 versions. | ||||
| CVE-2026-8383 | 2026-06-17 | 5.3 Medium | ||
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request | ||||
| CVE-2025-69163 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in WineShop <= 3.17 versions. | ||||
| CVE-2025-69165 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Choreo <= 1.6 versions. | ||||
| CVE-2025-69167 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Eros <= 1.3 versions. | ||||
| CVE-2026-9570 | 2 Taskbuilder, Wordpress | 2 Taskbuilder, Wordpress | 2026-06-17 | 7.1 High |
| The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user. | ||||
| CVE-2025-69168 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Spike <= 1.2 versions. | ||||
| CVE-2025-69176 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in ITactics <= 1.0 versions. | ||||
| CVE-2025-69177 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. | ||||
| CVE-2025-69178 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | ||||
| CVE-2026-12256 | 2026-06-17 | 8.8 High | ||
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. | ||||
| CVE-2026-27395 | 2 Schiocco, Wordpress | 2 Support Board, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | ||||