\ CVEs and Security Vulnerabilities

Export limit exceeded: 344952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 28), (line:1, col:29)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344952 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24526	3 Steve Truman, Woocommerce, Wordpress	3 Email Inquiry & Cart Options For Woocommerce, Woocommerce, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.4.3.
CVE-2026-24528	2 Pixelgrade, Wordpress	2 Nova Blocks, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.
CVE-2026-24530	1 Wordpress	1 Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.2.
CVE-2026-24531	1 Wordpress	1 Wordpress	2026-04-16	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.
CVE-2026-24532	1 Wordpress	1 Wordpress	2026-04-16	8.8 High
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.2.
CVE-2026-24535	2 Webdevstudios, Wordpress	2 Automatic Featured Images From Videos, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.
CVE-2026-24549	2 Paolo, Wordpress	2 Geodirectory, Wordpress	2026-04-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.149.
CVE-2026-24565	1 Wordpress	1 Wordpress	2026-04-16	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.2.
CVE-2026-24566	2 Inet, Wordpress	2 Inet Webkit, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.
CVE-2026-24568	2 Wordpress, Wptravelengine	2 Wordpress, Wp Travel Engine	2026-04-16	5.3 Medium
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.
CVE-2026-24569	2 Sully, Wordpress	2 Media Library File Size, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.
CVE-2026-24571	1 Wordpress	1 Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.
CVE-2026-24572	1 Wordpress	1 Wordpress	2026-04-16	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.2.0.
CVE-2026-24578	1 Wordpress	1 Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.
CVE-2026-24584	2 Themeum, Wordpress	2 Tutor Lms, Wordpress	2026-04-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0.
CVE-2026-24587	1 Wordpress	1 Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.
CVE-2026-24593	2 Strategy11, Wordpress	2 Awp Classifieds, Wordpress	2026-04-16	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
CVE-2026-24600	1 Wordpress	1 Wordpress	2026-04-16	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5.
CVE-2026-24608	1 Wordpress	1 Wordpress	2026-04-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through <= 2.4.1.
CVE-2026-24617	1 Wordpress	1 Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.

« first previous Page 32 of 17248. next last »