Export limit exceeded: 359753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359753 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69144 | 2 Themerex, Wordpress | 2 Preservation, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | ||||
| CVE-2025-69164 | 2 Themerex, Wordpress | 2 Skyward, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | ||||
| CVE-2025-69170 | 2 Themerex, Wordpress | 2 Eventicity, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | ||||
| CVE-2025-69175 | 2 Themerex, Wordpress | 2 Line Agency, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | ||||
| CVE-2026-39445 | 2 Presslayouts, Wordpress | 2 Alukas, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | ||||
| CVE-2026-39559 | 2 Codesupplyco, Wordpress | 2 Uppercase, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | ||||
| CVE-2026-40738 | 2 Edge-themes, Wordpress | 2 Eldon, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions. | ||||
| CVE-2026-40752 | 2 Select-themes, Wordpress | 2 Manufaktur Solutions, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions. | ||||
| CVE-2026-49108 | 2 Park Of Ideas, Wordpress | 2 Moderno, Wordpress | 2026-06-20 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | ||||
| CVE-2025-60229 | 2 Themeton, Wordpress | 2 Lagom, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | ||||
| CVE-2025-60230 | 2 Themeton, Wordpress | 2 The Barber Shop, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | ||||
| CVE-2026-54819 | 2 Webilia Inc., Wordpress | 2 Listdom, Wordpress | 2026-06-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | ||||
| CVE-2026-54815 | 2 Cargo Rd, Wordpress | 2 Cargo Shipping Location For Woocommerce, Wordpress | 2026-06-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | ||||
| CVE-2025-60231 | 2 Emv, Wordpress | 2 The Hospital, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1. | ||||
| CVE-2025-60236 | 2 Emv, Wordpress | 2 Creatify, Wordpress | 2026-06-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5. | ||||
| CVE-2025-69128 | 2 Emv, Wordpress | 2 Jobcareer, Wordpress | 2026-06-20 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. | ||||
| CVE-2025-69189 | 2 Emv, Wordpress | 2 Jobbank, Wordpress | 2026-06-20 | 7.3 High |
| Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3. | ||||
| CVE-2026-54808 | 2 Wordpress, Wp Travel | 2 Wordpress, Wp Travel Gutenberg Blocks | 2026-06-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | ||||
| CVE-2026-54809 | 2 Villatheme, Wordpress | 2 Gift4u, Wordpress | 2026-06-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | ||||
| CVE-2026-48117 | 1 Fduflyer | 1 Droneaware-node-releases | 2026-06-20 | 6.8 Medium |
| DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed account activation. When the legitimate owner later activated the account, either by clicking the email verification link or by logging in via Google SSO, the attacker-set password became fully valid, enabling silent and persistent account takeover without any notification to the victim. The vulnerability was fixed server-side on 2025-05-20; no user action is required. Node binaries and self-hosted detection nodes are not affected. There are no workarounds; the fix was deployed server-side and no client-side mitigation is applicable. | ||||