Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1230 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25760 1 Joomtech 1 Easy Shop 2026-06-22 6.2 Medium
Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files.
CVE-2026-34895 2 Webgeniuslab, Wordpress 2 Softlab Core, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2025-69110 2 Themerex, Wordpress 2 Airsupply, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
CVE-2025-69161 2 Themerex, Wordpress 2 Snowy, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
CVE-2025-69171 2 Themerex, Wordpress 2 Orpheus, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-39582 2 Wordpress, Xtemos 2 Wordpress, Hitek 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
CVE-2025-69115 2 Themerex, Wordpress 2 Luxmed | Medicine & Healthcare Doctor Wordpress Theme, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
CVE-2025-69144 2 Themerex, Wordpress 2 Preservation, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
CVE-2025-69164 2 Themerex, Wordpress 2 Skyward, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
CVE-2025-69170 2 Themerex, Wordpress 2 Eventicity, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
CVE-2025-69175 2 Themerex, Wordpress 2 Line Agency, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2026-39559 2 Codesupplyco, Wordpress 2 Uppercase, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
CVE-2026-48820 1 Cakephp 1 Cakephp 2026-06-18 N/A
CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.
CVE-2025-69148 2026-06-18 8.1 High
Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.
CVE-2025-69112 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.
CVE-2025-69158 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
CVE-2026-22338 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
CVE-2025-69117 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVE-2026-22326 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
CVE-2026-22330 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.