Search
Search Results (361191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69165 | 2 Themerex, Wordpress | 2 Choreo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Choreo <= 1.6 versions. | ||||
| CVE-2025-69167 | 2 Themerex, Wordpress | 2 Eros, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Eros <= 1.3 versions. | ||||
| CVE-2025-69168 | 2 Themerex, Wordpress | 2 Spike, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Spike <= 1.2 versions. | ||||
| CVE-2025-69176 | 2 Themerex, Wordpress | 2 Itactics, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in ITactics <= 1.0 versions. | ||||
| CVE-2026-39522 | 2 Elated-themes, Wordpress | 2 Solene, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Solene <= 3.4 versions. | ||||
| CVE-2026-39547 | 2 Select-themes, Wordpress | 2 Getaway, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Getaway < 1.8 versions. | ||||
| CVE-2026-39554 | 2 Elated-themes, Wordpress | 2 Fidalgo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions. | ||||
| CVE-2026-39567 | 2 Select-themes, Wordpress | 2 Santé, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions. | ||||
| CVE-2026-39568 | 2 Elated-themes, Wordpress | 2 Mr Seo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. | ||||
| CVE-2026-39577 | 2 Elated-themes, Wordpress | 2 Playroom, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions. | ||||
| CVE-2026-39578 | 2 Elated-themes, Wordpress | 2 Valiance, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. | ||||
| CVE-2026-39580 | 2 Select-themes, Wordpress | 2 Micdrop, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. | ||||
| CVE-2026-40751 | 2 Mikado-themes, Wordpress | 2 Ashtanga, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | ||||
| CVE-2026-40755 | 2 Mikado-themes, Wordpress | 2 Techlink, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | ||||
| CVE-2026-40758 | 2 Elated-themes, Wordpress | 2 Léonie, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | ||||
| CVE-2026-40759 | 2 Mikado-themes, Wordpress | 2 Esmée, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | ||||
| CVE-2026-11409 | 1 Tp-link | 1 Tl-wr940n V6 | 2026-06-26 | N/A |
| An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2025-66391 | 1 Citrix | 1 Citrix Cloud | 2026-06-26 | 8.8 High |
| In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account. | ||||
| CVE-2025-26240 | 1 Jazzcore | 1 Python-pdfkit | 2026-06-26 | 8.4 High |
| In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files. | ||||
| CVE-2026-36418 | 1 Jeecg | 1 Jimureport | 2026-06-26 | 9.1 Critical |
| JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code. | ||||