Search

Expected end of text, found '/' (at char 37), (line:1, col:38)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344467 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-69131 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69136 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
CVE-2025-69137 2026-06-17 6.5 Medium
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2026-12461 1 Google 1 Chrome 2026-06-17 6.5 Medium
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2025-69139 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-06-17 8.6 High
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
CVE-2025-69141 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69151 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2026-8089 2026-06-17 7.1 High
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
CVE-2025-69159 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
CVE-2025-69160 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
CVE-2025-69162 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
CVE-2026-8383 2026-06-17 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
CVE-2025-69163 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
CVE-2025-69165 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
CVE-2025-69167 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
CVE-2026-9570 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-17 7.1 High
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
CVE-2025-69168 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
CVE-2025-69176 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
CVE-2025-69177 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2026-28819 1 Apple 4 Ios And Ipados, Ipados, Iphone Os and 1 more 2026-06-17 5.4 Medium
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.