\ CVEs and Security Vulnerabilities

Export limit exceeded: 342055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 30), (line:1, col:31)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (342055 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27440	2 Saadiqbal, Wordpress	2 Mycred, Wordpress	2026-04-01	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
CVE-2026-27387	2 Designinvento, Wordpress	2 Directorypress, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-27368	2 Seedprod, Wordpress	2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-27360	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-04-01	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.38.
CVE-2026-27327	2 Wordpress, Yaycommerce	2 Wordpress, Yaymail – Woocommerce Email Customizer	2026-04-01	4.3 Medium
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
CVE-2026-27092	2 Greg Winiarski, Wordpress	2 Wpadverts, Wordpress	2026-04-01	6.5 Medium
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.0.
CVE-2026-27066	2 Pi Web Solution, Wordpress	2 Live Sales Notification For Woocommerce, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.49.
CVE-2026-27056	2 Stellarwp, Wordpress	2 Ithemes Sync, Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
CVE-2026-25472	2 Themefusion, Wordpress	2 Fusion Builder, Wordpress	2026-04-01	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.1.
CVE-2026-25451	2 Bold-themes, Wordpress	2 Bold Page Builder, Wordpress	2026-04-01	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9.
CVE-2026-25423	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2026-04-01	3.8 Low
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
CVE-2026-25419	2 Flycart, Wordpress	2 Upsellwp, Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5.
CVE-2026-25418	2 Bitpressadmin, Wordpress	2 Bit Form, Wordpress	2026-04-01	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-25392	2 Kaizencoders, Wordpress	2 Update Urls – Quick And Easy Way To Search Old Links And Replace Them With New Links In Wordpress, Wordpress	2026-04-01	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.1.
CVE-2026-25315	2 Hcaptcha, Wordpress	2 Hcaptcha For Wp, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.21.1.
CVE-2026-24636	1 Wordpress	1 Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.9.1.
CVE-2026-24630	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-04-01	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.2.5.
CVE-2026-24620	2 Pluginops, Wordpress	2 Landing Page Builder, Wordpress	2026-04-01	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.4.
CVE-2026-24616	1 Wordpress	1 Wordpress	2026-04-01	6.5 Medium
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.5.
CVE-2026-24614	1 Wordpress	1 Wordpress	2026-04-01	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.10.

« first previous Page 492 of 17103. next last »