Search

Expected end of text, found '/' (at char 39), (line:1, col:40)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (357326 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-69160 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
CVE-2025-69162 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
CVE-2026-8383 2026-06-17 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
CVE-2025-69163 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
CVE-2025-69165 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
CVE-2025-69167 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
CVE-2026-9570 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-17 7.1 High
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
CVE-2025-69168 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
CVE-2025-69176 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
CVE-2025-69177 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2026-34893 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34894 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2025-48571 1 Google 1 Android 2026-06-17 4.3 Medium
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2026-34895 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2026-39433 2026-06-17 6.5 Medium
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-39438 2026-06-17 9.3 Critical
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
CVE-2026-39443 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-39446 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-39522 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
CVE-2026-39529 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.