Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-49765
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
CVE-2025-60205
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
CVE-2026-49109
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
CVE-2026-49106
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
CVE-2026-49770
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2026-40725
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-49763
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
CVE-2026-49085
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-54806
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-49105
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-49107
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-27053
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.