Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2025-69116 — WordPress Iona theme <= 1.0.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69114 — WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69113 — WordPress Nexio theme <= 1.10.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69112 — WordPress Planty theme <= 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69109 — WordPress Raider Spirit theme <= 1.1.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2025-69108 — WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69107 — WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69105 — WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.1 HIGH
CVE-2025-69104 — WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.5 HIGH
CVE-2025-69103 — WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-60085 — WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-58924 — WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Geya <= 1.15 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2026-54194 — WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.3 CRITICAL
CVE-2026-48777 — FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared …

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backen…

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.8 HIGH
CVE-2026-47750 — stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoin…

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .…

| Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.8 HIGH
CVE-2026-47747 — stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .c…

| Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.4 MEDIUM
CVE-2026-46448 — OpenStack Nova Server Create API Information Leak

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

nova | Remote | Misconfiguration
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.1 CRITICAL
CVE-2026-22313 — OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitra…

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.6 HIGH
CVE-2026-22312 — Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration a…

Remote | Authentication
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.7 MEDIUM
CVE-2026-12425 — Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects E…

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Showing 20 of 7350 Results