Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (349372 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22434 2 Ancorathemes, Wordpress 2 Crown Art, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Crown Art crown-art allows PHP Local File Inclusion.This issue affects Crown Art: from n/a through <= 1.2.11.
CVE-2026-22432 2 Ancorathemes, Wordpress 2 Woopy, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2.
CVE-2026-22427 2 Mikado-themes, Wordpress 2 Gotravel, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affects GoTravel: from n/a through <= 2.1.
CVE-2026-27384 2 Boldgrid, Wordpress 2 W3 Total Cache, Wordpress 2026-04-22 9 Critical
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.
CVE-2026-22421 2 Ancorathemes, Wordpress 2 Quantum, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through <= 1.0.
CVE-2026-2732 2 Shortpixel, Wordpress 2 Enable Media Replace, Wordpress 2026-04-22 5.4 Medium
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment.
CVE-2026-27997 2 Themerex, Wordpress 2 Maxify, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Maxify maxify allows PHP Local File Inclusion.This issue affects Maxify: from n/a through <= 1.0.16.
CVE-2026-22442 2 Launchandsell, Wordpress 2 Tribe, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects Tribe: from n/a through <= 1.7.3.
CVE-2026-22425 2 Elated-themes, Wordpress 2 Sweet Jane, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-23546 2 Radiustheme, Wordpress 2 Classified Listing, Wordpress 2026-04-22 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4.
CVE-2026-23802 2 Jordy Meow, Wordpress 2 Ai-engine, Wordpress 2026-04-22 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through <= 3.3.2.
CVE-2026-27097 2 Ancorathemes, Wordpress 2 Casamia | Property Rental Real Estate Wordpress Theme, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Theme: from n/a through <= 1.1.2.
CVE-2026-27438 2 Themerex, Wordpress 2 Kingler, Wordpress 2026-04-22 9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.
CVE-2026-22414 2 Mikado-themes, Wordpress 2 Marra, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Marra marra allows PHP Local File Inclusion.This issue affects Marra: from n/a through <= 1.2.
CVE-2025-69339 2 Don-themes, Wordpress 2 Molla, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16.
CVE-2026-27326 2 Axiomthemes, Wordpress 2 Ac Services | Hvac, Air Conditioning & Heating Company Wordpress Theme, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme: from n/a through <= 1.2.5.
CVE-2026-27334 2 Dan Fisher, Wordpress 2 Alchemists, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue affects Alchemists: from n/a through <= 4.6.0.
CVE-2026-27335 2 Ancorathemes, Wordpress 2 Ekoterra - Nonprofit, Green Energy & Ecology Theme, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: from n/a through <= 1.0.0.
CVE-2026-27340 2 Ancorathemes, Wordpress 2 Apollo | Night Club, Dj Event Wordpress Theme, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a through <= 1.3.1.
CVE-2026-27354 2 Webcodingplace, Wordpress 2 Woocommerce Coming Soon Product With Countdown, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows Stored XSS.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0.