Search

Search Results (334004 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60085 2 Themerex Group, Wordpress 2 Learnify, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
CVE-2025-69103 2 Utillz, Wordpress 2 Brikk, Wordpress 2026-06-23 7.5 High
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
CVE-2025-69104 2 Jkdevstudio, Wordpress 2 Qreatix, Wordpress 2026-06-23 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-69107 2 Themerex, Wordpress 2 Rosaleen, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
CVE-2025-69108 2 Themerex, Wordpress 2 Hot Coffee, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69109 2 Themerex, Wordpress 2 Raider Spirit, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
CVE-2025-69119 2 Themerex, Wordpress 2 Corbesier, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69121 2 Themerex, Wordpress 2 Deliciosa, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69122 2 Themerex, Wordpress 2 Seafood Company, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-69125 2 Themerex, Wordpress 2 Food Drop, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69131 2 Extendons, Wordpress 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress 2026-06-23 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69136 2 Themelogi, Wordpress 2 Wanium, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
CVE-2025-69137 2 Jthemes, Wordpress 2 Genemy, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2025-69141 2 Themerex, Wordpress 2 Kelly Young, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69149 2 Themerex, Wordpress 2 Top Dog, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.
CVE-2025-69177 2 Themelogi, Wordpress 2 Roneous, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2025-69178 2 Cactusthemes, Wordpress 2 Truemag, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
CVE-2025-4994 1 Safeline 1 Safeline Sl6/sl6+ 2026-06-23 N/A
The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.
CVE-2025-71382 1 Artifexsoftware 1 Mupdf 2026-06-23 6.5 Medium
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.
CVE-2025-64898 1 Adobe 1 Coldfusion 2026-06-23 5.3 Medium
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.