Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-48827
CRITICAL CVSS 9.8
Find Similar
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocat
CVE-2026-54806
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-9691
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.
CVE-2026-49105
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-49085
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-49770
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2026-49106
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
CVE-2026-49104
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack re
CVE-2026-49765
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
Page 1+ Next →