Browse CVEs | Page 39

Total CVEs

138,591

Critical Severity

3,578

High Severity

12,841

Last 7 Days

1,635

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 761 - 780 of 34,996 CVEs

CVE-2025-69144 HIGH - 8.1

Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.

Vendor: ThemeREX

Product: Preservation

Published: Jun 17, 2026

Source: NVD

CVE-2025-69140 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.

Vendor: SeventhQueen

Product: SweetDate Core

Published: Jun 17, 2026

Source: NVD

CVE-2025-69130 HIGH - 8.8

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.

Vendor: Themovation

Product: Entrepreneur - Booking for Small Businesses WordPress Theme

Published: Jun 17, 2026

Source: NVD

CVE-2025-69128 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.

Vendor: EMV

Product: JobCareer

Published: Jun 17, 2026

Source: NVD

CVE-2025-69127 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.

Vendor: ThemeREX

Product: Plumbing

Published: Jun 17, 2026

Source: NVD

CVE-2025-69126 HIGH - 8.1

Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.

Vendor: ThemeREX

Product: Fortius

Published: Jun 17, 2026

Source: NVD

CVE-2025-69123 HIGH - 8.1

Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.

Vendor: ThemeREX

Product: Snow Club

Published: Jun 17, 2026

Source: NVD

CVE-2025-69120 HIGH - 8.1

Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.

Vendor: ThemeREX

Product: Dazzle

Published: Jun 17, 2026

Source: NVD

CVE-2025-69115 HIGH - 8.1

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.

Vendor: ThemeREX

Product: LuxMed | Medicine & Healthcare Doctor WordPress Theme

Published: Jun 17, 2026

Source: NVD

CVE-2025-69111 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.

Vendor: ThemeREX

Product: Reisen

Published: Jun 17, 2026

Source: NVD

CVE-2025-69106 HIGH - 8.1

Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.

Vendor: ThemeREX

Product: Imba

Published: Jun 17, 2026

Source: NVD

CVE-2025-68524 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.

Vendor: ThemeGoods

Product: Avante

Published: Jun 17, 2026

Source: NVD

CVE-2025-66391 HIGH - 8.8

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.

Published: Jun 17, 2026

Source: NVD

CVE-2025-60236 CRITICAL - 9.8

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.

Vendor: EMV

Product: Creatify

Published: Jun 17, 2026

Source: NVD

CVE-2025-60231 CRITICAL - 9.8

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1.

Vendor: EMV

Product: The Hospital

Published: Jun 17, 2026

Source: NVD

CVE-2025-60230 CRITICAL - 9.8

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.

Vendor: Themeton

Product: The Barber Shop

Published: Jun 17, 2026

Source: NVD

CVE-2025-60229 CRITICAL - 9.8

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.

Vendor: Themeton

Product: Lagom

Published: Jun 17, 2026

Source: NVD

CVE-2025-59554 CRITICAL - 9.3

Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.

Vendor: Advanced Ads GmbH

Product: Advanced Ads – Tracking

Published: Jun 17, 2026

Source: NVD

CVE-2025-15657 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.

Vendor: Mojoomla

Product: School Management

Published: Jun 17, 2026

Source: NVD

CVE-2026-54015 MEDIUM - 6.4

Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Vendor: pip

Product: open-webui

Published: Jun 17, 2026

Source: GitHub

« Previous 37 38 39 40 41 Next »