CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-69164
High

There is an unauthenticated local file inclusion vulnerability in Skyward versions <= 1.10.

CVE-2025-69158
High

Versions of Granola <= 1.13 are vulnerable to unauthenticated local file inclusion, which may lead to the exposure of sensitive data.

CVE-2025-69157
High

Versions of Gamic <= 1.15 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69144
High

There is a vulnerability in Preservation <= 1.10 that allows unauthenticated local file inclusion.

CVE-2025-69140
High

Versions of SweetDate Core below 1.1.5 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2025-69130
High

In versions of the Entrepreneur - Booking for Small Businesses WordPress theme up to 3.1.3, there is a PHP Object Injection vulnerability related to subscribers.

CVE-2025-69128
High

CVE-2025-69128 describes an improper limitation of a pathname to a restricted directory, allowing Path Traversal in the EMV JobCareer application. This issue affects JobCareer versions from n/a through 7.3.

CVE-2025-69126
High

There is a vulnerability in Fortius <= 2.3.0 versions that allows unauthenticated local file inclusion.

CVE-2025-69123
High

Versions of Snow Club up to 1.1 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69120
High

There is an unauthenticated local file inclusion vulnerability in Dazzle <= 1.0.0 versions.

CVE-2025-69115
High

The LuxMed | Medicine & Healthcare Doctor WordPress theme versions up to 1.2.2 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to sensitive data on the server.

CVE-2025-69106
High

There is an unauthenticated local file inclusion vulnerability in Imba versions up to 1.5.0.

CVE-2025-68524
High

Versions of Avante below 3.0.5 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2025-66391
High

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, allowing an attacker to reset a user's password by sending a one-time password to an attacker-controlled email address.

CVE-2026-9690
High

The WP Media folder plugin in versions <= 4.0.1 has a vulnerability allowing unauthenticated arbitrary file download.

CVE-2026-9570
High

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitize a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.

CVE-2026-8089
High

The weMail: Email Marketing plugin for WooCommerce WordPress before version 2.1.3 improperly processes user-supplied parameters, allowing for Reflected Cross-Site Scripting (XSS) attacks against authenticated users.

CVE-2026-5667
High

A vulnerability related to the use of hard-coded credentials in various Mitsubishi Electric products, such as air conditioners and ventilation devices. An attacker within Wi-Fi range can access the device using a hard-coded SSID and password.

CVE-2026-54805
High

Falang multilanguage versions up to 1.4.2 contain a vulnerability that allows subscribers to escalate privileges.

CVE-2026-54804
High

Versions of Melhor Envio up to 2.16.3 contain a vulnerability in the subscriber authentication mechanism, which may lead to unauthorized access.

PreviousPage 94 of 3315Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS