| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39445 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | |||
| CVE-2026-39442 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions. | |||
| CVE-2025-69175 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | |||
| CVE-2025-69174 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Etude <= 1.6 versions. | |||
| CVE-2025-69170 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | |||
| CVE-2025-69166 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions. | |||
| CVE-2025-69164 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | |||
| CVE-2025-69158 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Granola <= 1.13 versions. | |||
| CVE-2025-69157 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. | |||
| CVE-2025-69144 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | |||
| CVE-2025-69140 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | |||
| CVE-2025-69130 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions. | |||
| CVE-2025-69127 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. | |||
| CVE-2025-69126 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | |||
| CVE-2025-69123 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | |||
| CVE-2025-69120 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | |||
| CVE-2025-69115 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions. | |||
| CVE-2025-69111 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | |||
| CVE-2025-69106 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. | |||
| CVE-2025-68524 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | |||
| CVE-2025-59554 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | |||
| CVE-2025-15657 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | |||
| CVE-2026-54193 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | |||
| CVE-2025-59872 | 0.00 | — | 0.00 | Jun 17, 2026 | HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or… | |||
| CVE-2026-11975 | 0.00 | — | 0.00 | Jun 17, 2026 | Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered… | |||
| CVE-2025-62340 | 0.00 | — | 0.00 | Jun 17, 2026 | HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity | |||
| CVE-2024-37496 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | |||
| CVE-2024-37210 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | |||
| CVE-2024-35690 | 0.00 | — | 0.00 | Jun 17, 2026 | Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. | |||
| CVE-2024-35648 | 0.00 | — | 0.00 | Jun 17, 2026 | Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. | |||
| CVE-2024-33909 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | |||
| CVE-2024-32949 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | |||
| CVE-2024-32729 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. | |||
| CVE-2026-11858 | 0.00 | — | 0.00 | Jun 17, 2026 | Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local… | |||
| CVE-2024-24709 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | |||
| CVE-2026-11857 | 0.00 | — | 0.00 | Jun 17, 2026 | Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named… | |||
| CVE-2025-31013 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6. | |||
| CVE-2024-31435 | 0.00 | — | 0.00 | Jun 17, 2026 | : Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6. | |||
| CVE-2024-33685 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1. | |||
| CVE-2026-10839 | — | 0.00 | — | 0.00 | Jun 17, 2026 | Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login… | ||
| CVE-2026-10837 | — | 0.00 | — | 0.00 | Jun 17, 2026 | Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception… | ||
| CVE-2026-10836 | — | 0.00 | — | 0.00 | Jun 17, 2026 | Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information… | ||
| CVE-2026-5667 | 0.00 | — | 0.00 | Jun 17, 2026 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside… | |||
| CVE-2024-34810 | 0.00 | — | 0.00 | Jun 17, 2026 | Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | |||
| CVE-2026-54811 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | |||
| CVE-2026-54807 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | |||
| CVE-2026-54806 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | |||
| CVE-2026-54805 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | |||
| CVE-2026-54804 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | |||
| CVE-2026-54803 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. |
- CVE-2026-39445Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
- CVE-2026-39442Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
- CVE-2025-69175Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
- CVE-2025-69174Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
- CVE-2025-69170Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
- CVE-2025-69166Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
- CVE-2025-69164Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
- CVE-2025-69158Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
- CVE-2025-69157Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
- CVE-2025-69144Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
- CVE-2025-69140Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
- CVE-2025-69130Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
- CVE-2025-69127Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
- CVE-2025-69126Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
- CVE-2025-69123Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
- CVE-2025-69120Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
- CVE-2025-69115Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
- CVE-2025-69111Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
- CVE-2025-69106Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
- CVE-2025-68524Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
- CVE-2025-59554Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
- CVE-2025-15657Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
- CVE-2026-54193Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
- CVE-2025-59872Jun 17, 2026risk 0.00cvss —epss 0.00
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or…
- CVE-2026-11975Jun 17, 2026risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered…
- CVE-2025-62340Jun 17, 2026risk 0.00cvss —epss 0.00
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity
- CVE-2024-37496Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
- CVE-2024-37210Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
- CVE-2024-35690Jun 17, 2026risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
- CVE-2024-35648Jun 17, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.
- CVE-2024-33909Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
- CVE-2024-32949Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
- CVE-2024-32729Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
- CVE-2026-11858Jun 17, 2026risk 0.00cvss —epss 0.00
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local…
- CVE-2024-24709Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
- CVE-2026-11857Jun 17, 2026risk 0.00cvss —epss 0.00
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named…
- CVE-2025-31013Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.
- CVE-2024-31435Jun 17, 2026risk 0.00cvss —epss 0.00
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6.
- CVE-2024-33685Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.
- CVE-2026-10839Jun 17, 2026risk 0.00cvss —epss 0.00
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login…
- CVE-2026-10837Jun 17, 2026risk 0.00cvss —epss 0.00
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception…
- CVE-2026-10836Jun 17, 2026risk 0.00cvss —epss 0.00
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information…
- CVE-2026-5667Jun 17, 2026risk 0.00cvss —epss 0.00
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside…
- CVE-2024-34810Jun 17, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.
- CVE-2026-54811Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
- CVE-2026-54807Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
- CVE-2026-54806Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
- CVE-2026-54805Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
- CVE-2026-54804Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
- CVE-2026-54803Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.