Search

Expected end of text, found '.' (at char 30), (line:1, col:31)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (360133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69108 2 Themerex, Wordpress 2 Hot Coffee, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69109 2 Themerex, Wordpress 2 Raider Spirit, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
CVE-2025-69119 2 Themerex, Wordpress 2 Corbesier, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69121 2 Themerex, Wordpress 2 Deliciosa, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69122 2 Themerex, Wordpress 2 Seafood Company, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-69125 2 Themerex, Wordpress 2 Food Drop, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69131 2 Extendons, Wordpress 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress 2026-06-23 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69136 2 Themelogi, Wordpress 2 Wanium, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
CVE-2025-69137 2 Jthemes, Wordpress 2 Genemy, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2025-69141 2 Themerex, Wordpress 2 Kelly Young, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69149 2 Themerex, Wordpress 2 Top Dog, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.
CVE-2025-69177 2 Themelogi, Wordpress 2 Roneous, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2025-69178 2 Cactusthemes, Wordpress 2 Truemag, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
CVE-2026-27429 2 Boldthemes, Wordpress 2 Nifty, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-34893 2 Webgeniuslab, Wordpress 2 Thegov Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34894 2 Webgeniuslab, Wordpress 2 Integrio Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2026-56346 2 Avideo, Wwbn 2 Avideo, Avideo 2026-06-23 6.5 Medium
AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks.
CVE-2026-56120 2026-06-23 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784.
CVE-2026-56236 1 Capgo 1 Cli 2026-06-23 6.1 Medium
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.
CVE-2026-56265 1 Crawl4ai 1 Crawl4ai 2026-06-23 9.8 Critical
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality.