Search Results (86937 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53345 2 Thimpress, Wordpress 2 Thim Core, Wordpress 2026-06-02 8.8 High
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53440 2 Axiomthemes, Wordpress 2 Confidant, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.
CVE-2025-58024 2 Unboundstudio, Wordpress 2 Accordion Faq, Wordpress 2026-06-02 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2025-58705 2 Axiomthemes, Wordpress 2 Crafti, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12.
CVE-2026-42670 2 Etoile Web Design Incorporated, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-06-02 7.5 High
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14.
CVE-2026-42685 2 Ahmad, Wordpress 2 Wp Job Portal, Wordpress 2026-06-02 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1.
CVE-2026-39550 2 Elated-themes, Wordpress 2 Aperitif, Wordpress 2026-06-02 8.1 High
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
CVE-2026-39551 2 Elated-themes, Wordpress 2 Töbel, Wordpress 2026-06-02 8.1 High
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
CVE-2026-39552 2 Code Supply Co., Wordpress 2 Blueprint, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5.
CVE-2026-39553 2 Select-themes, Wordpress 2 Waveride, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4.
CVE-2025-58707 2 Axiomthemes, Wordpress 2 Spin, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8.
CVE-2025-58897 2 Axiomthemes, Wordpress 2 Fermentio, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0.
CVE-2025-69369 2 Axiomthemes, Wordpress 2 Racquet, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0.
CVE-2025-68886 2 Androthemes, Wordpress 2 Cookiteer, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8.
CVE-2026-40619 1 Genetec 1 Security Center 2026-06-02 7.8 High
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
CVE-2026-40780 2 Liquid Web / Stellarwp, Wordpress 2 Bookit, Wordpress 2026-06-02 7.5 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1.
CVE-2026-47314 2 Samsung, Samsung Open Source 2 Escargot, Escargot 2026-06-02 7.8 High
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2025-13392 1 Synology 1 Diskstation Manager 2026-06-02 8.1 High
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
CVE-2025-14713 1 Synology 2 C2 Identity Edge Server, Diskstation Manager 2026-06-02 7.5 High
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
CVE-2025-30028 1 Synology 2 Active Backup For Business, Diskstation Manager 2026-06-02 8.6 High
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.