Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341810 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22501 2 Axiomthemes, Wordpress 2 Mounthood, Wordpress 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.
CVE-2026-22497 2 Ancorathemes, Wordpress 2 Jardi, Wordpress 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2.
CVE-2026-22483 1 Wordpress 1 Wordpress 2026-04-01 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.
CVE-2026-22482 2 Wbolt, Wordpress 2 Imgspider, Wordpress 2026-04-01 9.1 Critical
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.
CVE-2026-22481 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.
CVE-2026-22478 2 Elated Themes, Wordpress 2 Findall, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affects FindAll: from n/a through <= 1.4.
CVE-2026-22477 2 Ancorathemes, Wordpress 2 Felizia, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through <= 1.3.4.
CVE-2026-22476 2 Elated-themes, Wordpress 2 Etchy, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects Etchy: from n/a through <= 1.0.
CVE-2026-22475 2 Axiomthemes, Wordpress 2 Estate, Wordpress 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
CVE-2026-22474 2 Themerex, Wordpress 2 Equestrian Centre, Wordpress 2026-04-01 9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.
CVE-2026-22473 2 Designthemes, Wordpress 2 Dental Clinic, Wordpress 2026-04-01 8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.
CVE-2026-22472 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.
CVE-2026-22471 2 Maximsecudeal, Wordpress 2 Secudeal Payments For Ecommerce, Wordpress 2026-04-01 8.6 High
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1.
CVE-2026-22470 2 Firestorm Plugins, Wordpress 2 Firestorm Professional Real Estate, Wordpress 2026-04-01 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.
CVE-2026-22469 1 Wordpress 1 Wordpress 2026-04-01 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-22468 2 Abosoluteplugins, Wordpress 2 Absolute Addons For Elementor, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.
CVE-2026-22467 2 Mwtemplates, Wordpress 2 Deepdigital, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-22466 2 Chandnipatel, Wordpress 2 Wp Mapit, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3.
CVE-2026-22465 2 Seventhqueen, Wordpress 2 Buddyapp, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through <= 1.9.2.
CVE-2026-22464 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-04-01 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.