Export limit exceeded: 366404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 86842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (86842 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69103 | 2 Utillz, Wordpress | 2 Brikk, Wordpress | 2026-06-23 | 7.5 High |
| Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions. | ||||
| CVE-2025-69104 | 2 Jkdevstudio, Wordpress | 2 Qreatix, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions. | ||||
| CVE-2025-69107 | 2 Themerex, Wordpress | 2 Rosaleen, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions. | ||||
| CVE-2025-69109 | 2 Themerex, Wordpress | 2 Raider Spirit, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions. | ||||
| CVE-2025-69119 | 2 Themerex, Wordpress | 2 Corbesier, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. | ||||
| CVE-2025-69121 | 2 Themerex, Wordpress | 2 Deliciosa, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. | ||||
| CVE-2025-69125 | 2 Themerex, Wordpress | 2 Food Drop, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions. | ||||
| CVE-2025-69131 | 2 Extendons, Wordpress | 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | ||||
| CVE-2025-69136 | 2 Themelogi, Wordpress | 2 Wanium, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. | ||||
| CVE-2025-69141 | 2 Themerex, Wordpress | 2 Kelly Young, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. | ||||
| CVE-2025-69149 | 2 Themerex, Wordpress | 2 Top Dog, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions. | ||||
| CVE-2025-69177 | 2 Themelogi, Wordpress | 2 Roneous, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. | ||||
| CVE-2025-69178 | 2 Cactusthemes, Wordpress | 2 Truemag, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | ||||
| CVE-2026-34893 | 2 Webgeniuslab, Wordpress | 2 Thegov Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | ||||
| CVE-2026-34894 | 2 Webgeniuslab, Wordpress | 2 Integrio Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | ||||
| CVE-2026-41045 | 1 Presire | 1 Qsnapper | 2026-06-23 | 8.1 High |
| A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user. | ||||
| CVE-2026-41046 | 1 Presire | 1 Qsnapper | 2026-06-23 | 7.3 High |
| A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root. | ||||
| CVE-2026-55388 | 1 Piscinajs | 1 Piscina | 2026-06-23 | 8.1 High |
| piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When Object.prototype.filename is polluted upstream the inherited value flows to worker_threads.Worker import and the attacker's .mjs runs in the worker. This vulnerability is fixed in 6.0.0-rc.2, 5.2.0, and 4.9.3. | ||||
| CVE-2026-10711 | 1 Akin | 1 Cafeplus | 2026-06-23 | 8.8 High |
| Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CafePlus: from 12.05.03 before 12.05.04. | ||||
| CVE-2026-12957 | 1 Amazon | 1 Language Servers For Aws | 2026-06-23 | 7.8 High |
| Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher. | ||||