Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-69128 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. | 8.6 | 0.46% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69127 | Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69126 | Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | 8.1 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69123 | Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | 8.1 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69120 | Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | 8.1 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69115 | Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions. | 8.1 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69111 | Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69106 | Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. | 8.1 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-68524 | Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | 7.1 | 0.23% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60236 | Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5. | 9.8 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60231 | Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1. | 9.8 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60230 | Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | 9.8 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60229 | Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | 9.8 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-59554 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-9690 | Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | 7.5 | 0.47% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54811 | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54807 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54806 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | 9.8 | 0.59% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54805 | Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | 8.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54804 | Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | 7.6 | 0.28% | 2026-06-17 | 2026-06-17 |