Skip to main content
CVE-2019-25441 CRITICAL POC Act Now

Unauthenticated command injection in thesystem 1.0. EPSS 3.4%. PoC available.

Command Injection Thesystem
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2026-26725 CRITICAL POC Act Now

Privilege escalation in Print Shop Pro WebDesk v.18.34 via AccessID parameter. PoC available.

Privilege Escalation Print Shop Pro Webdesk
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26722 CRITICAL POC Act Now

Privilege escalation in Key Systems Global Facilities Management Software via PIN component. PoC available.

Privilege Escalation Global Facilities Management Software
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-26980 CRITICAL POC PATCH GHSA Act Now

SQL injection in Ghost CMS versions 3.24.0 through 6.19.0 allows unauthenticated attackers to read arbitrary database data. Patch available.

Node.js SQLi
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-25896 CRITICAL POC PATCH Act Now

ReDoS in fast-xml-parser before fix via crafted XML. PoC and patch available.

XSS Fast Xml Parser
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2019-25444 CRITICAL POC Act Now

SQL injection in Fiverr Clone Script 1.2.2. PoC available.

SQLi Fiverr Clone Script
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26747 CRITICAL POC Act Now

Host Header Poisoning in Monica 4.1.2 CRM. PoC available.

PHP Monica
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26988 CRITICAL POC PATCH Act Now

SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.

PHP MySQL SNMP SQLi Librenms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2021-35402 CRITICAL Act Now

Unauthenticated OS command injection in PROLiNK PRC2402M router via ip parameter. EPSS 0.39%.

Command Injection
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-30412 CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30411 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30416 CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2026-27112 CRITICAL PATCH Act Now

Authorization bypass in Kargo Kubernetes promotion tool from 1.7.0 before 1.7.8/1.8.11/1.9.3. Batch resource creation bypasses authorization checks. Patch available.

Golang Kubernetes RCE Kargo Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-2039 CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Store missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-2038 CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Core missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-67979 CRITICAL Act Now

Code injection in WPForms Google Sheet Connector (gsheetconnector-wpforms) WordPress plugin allows arbitrary code execution.

Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-69403 CRITICAL Act Now

Unrestricted file upload in Bravis Addons (bravis-addons) WordPress theme allows uploading web shells for remote code execution.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-68549 CRITICAL Act Now

Unrestricted file upload in Wiguard (wiguard) WordPress theme allows uploading web shells for remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-70831 CRITICAL Act Now

RCE in Smanga 3.2.7 via command injection in /php/path/rescan.php. EPSS 0.29%.

PHP RCE Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-26093 CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4. EPSS 0.29%.

Command Injection Opds Talon
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2333 CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.

Command Injection Opds Talon
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-26974 CRITICAL PATCH Act Now

Code inclusion from untrusted source in Slyde presentation tool 0.0.4 and below. Automatically imports plugin files. Patch available.

Node.js Slyde
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25715 CRITICAL Act Now

Blank admin credentials allowed in device web management. Admin can set empty password, making device fully accessible.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27002 CRITICAL PATCH Act Now

Configuration injection in OpenClaw Docker sandbox before 2026.2.15 allows escaping sandbox restrictions. Patch available.

.NET Docker DNS AI / ML Openclaw
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22384 CRITICAL Act Now

leafcolor Applay - Shortcodes applay-shortcodes is affected by deserialization of untrusted data (CVSS 8.8).

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69405 CRITICAL Act Now

Deserialization of untrusted data in Lorem Ipsum Books & Media (lorem-ipsum-books-media-store) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69404 CRITICAL Act Now

Deserialization of untrusted data in Extreme Store (extremestore) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69382 CRITICAL Act Now

Deserialization of untrusted data in Themesflat Elementor (themesflat-elementor) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69372 CRITICAL Act Now

Deserialization of untrusted data in SevenHills (sevenhills) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69371 CRITICAL Act Now

Deserialization of untrusted data in KindlyCare (kindlycare) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69370 CRITICAL Act Now

Deserialization of untrusted data in Capella (capella) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69329 CRITICAL Act Now

Deserialization of untrusted data in Prestige (prestige) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69301 CRITICAL Act Now

Deserialization of untrusted data in PhotoMe (photome) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-68541 CRITICAL Act Now

Deserialization of untrusted data in Ippsum (ippsum) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67997 CRITICAL Act Now

Deserialization of untrusted data in Travelicious (travelicious) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67996 CRITICAL Act Now

Deserialization of untrusted data in Nestin (nestin) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67995 CRITICAL Act Now

Deserialization of untrusted data in PatioTime (patiotime) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10970 CRITICAL Act Now

SQL injection in Kolay Software Talentics.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-30410 CRITICAL Act Now

Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).

Linux Windows macOS
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2025-70833 CRITICAL Act Now

Auth bypass in Smanga 3.2.7 allows unauthenticated password reset for any user including admin.

PHP Authentication Bypass Smanga
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-24956 CRITICAL Act Now

Blind SQL injection in Download Manager Addons for Elementor (download-manager-addons-for-elementor) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69366 CRITICAL Act Now

Blind SQL injection in Emerce Core (emerce-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69365 CRITICAL Act Now

Blind SQL injection in Uroan Core (uroan-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69337 CRITICAL Act Now

Blind SQL injection in Wolmart Core (wolmart-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69310 CRITICAL Act Now

Blind SQL injection in Woodly Core (woodly-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69309 CRITICAL Act Now

Blind SQL injection in Saasplate Core (saasplate-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69308 CRITICAL Act Now

Blind SQL injection in Nestbyte Core (nestbyte-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69307 CRITICAL Act Now

Blind SQL injection in Medinik Core (medinik-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69306 CRITICAL Act Now

Blind SQL injection in Electio Core (electio-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69305 CRITICAL Act Now

Blind SQL injection in Crete Core (crete-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy