Sits\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 30), (line:1, col:31)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346623 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-33656	1 Espocrm	1 Espocrm	2026-04-23	9.1 Critical
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is concatenated directly into a file path with no sanitization in `EspoUploadDir::getFilePath()`, an attacker can redirect any file read or write operation to an arbitrary path within the web server's `open_basedir` scope. Version 9.3.4 fixes the issue.
CVE-2026-28080	2 Rank Math Seo, Wordpress	2 Rank Math Seo, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO seo-by-rank-math-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through <= 3.0.96.
CVE-2026-28073	2 Tipsandtricks-hq, Wordpress	2 Wp Emember, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ WP eMember wp-eMember allows Reflected XSS.This issue affects WP eMember: from n/a through <= v10.2.2.
CVE-2026-28070	2 Tipsandtricks-hq, Wordpress	2 Wp Emember, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember wp-eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through <= v10.2.2.
CVE-2026-28044	2 Wordpress, Wp Media	2 Wordpress, Wp Rocket	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket wp-rocket allows Stored XSS.This issue affects WP Rocket: from n/a through <= 3.19.4.
CVE-2026-28039	2 Wordpress, Wpdatatables	2 Wordpress, Wpdatatables	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through <= 6.5.0.1.
CVE-2026-27542	2 Rymera Web Co Pty Ltd., Wordpress	2 Woocommerce Wholesale Lead Capture, Wordpress	2026-04-23	N/A
Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.
CVE-2026-27540	2 Rymera Web Co Pty Ltd., Wordpress	2 Woocommerce Wholesale Lead Capture, Wordpress	2026-04-23	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.
CVE-2026-27413	2 Cozmoslabs, Wordpress	2 Profile Builder, Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro profile-builder-pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through < 3.14.0.
CVE-2026-27397	2 Really-simple-plugins, Wordpress	2 Really Simple Security, Wordpress	2026-04-23	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro really-simple-ssl-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through <= 9.5.4.0.
CVE-2026-27367	2 Themegoods, Wordpress	2 Musico, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through < 3.4.5.
CVE-2026-27362	2 Kamleshyadav, Wordpress	2 Wp Bakery Autoresponder Addon, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.
CVE-2026-27352	2 Themegoods, Wordpress	2 Starto, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through < 2.2.5.
CVE-2026-27096	2 Buddhathemes, Wordpress	2 Colorfolio - Freelance Designer Wordpress Theme, Wordpress	2026-04-23	8.1 High
Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme colorfolio allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through <= 1.3.
CVE-2026-27093	2 Ovatheme, Wordpress	2 Tripgo, Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6.
CVE-2026-27091	2 Uipress, Wordpress	2 Uipress Lite, Wordpress	2026-04-23	6.3 Medium
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
CVE-2026-27070	2 Wordpress, Wpeverest	2 Wordpress, Everest Forms	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro everest-forms-pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through <= 1.9.12.
CVE-2026-27067	2 Syarif, Wordpress	2 Mobile App Editor, Wordpress	2026-04-23	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1.
CVE-2026-27065	2 Thimpress, Wordpress	2 Builderpress, Wordpress	2026-04-23	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1.
CVE-2026-25471	2 Themepaste, Wordpress	2 Admin Safety Guard, Wordpress	2026-04-23	8.1 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.7.

« first previous Page 149 of 17332. next last »