Gitlab\ CVEs and Security Vulnerabilities

Export limit exceeded: 342216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 6), (line:1, col:7)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (342216 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32401	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-01	7.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.
CVE-2026-32400	2 Themetechmount, Wordpress	2 Boldman, Wordpress	2026-04-01	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
CVE-2026-32399	2 Davidlingren, Wordpress	2 Media Library Assistant, Wordpress	2026-04-01	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.
CVE-2026-32398	2 Subratamal, Wordpress	2 Terawallet For Woocommerce, Wordpress	2026-04-01	5.3 Medium
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.
CVE-2026-32397	2 Wordpress, Ymc-22	2 Wordpress, Filter & Grids	2026-04-01	5.3 Medium
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.
CVE-2026-32396	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.
CVE-2026-5015	1 Elecv2	1 Elecv2p	2026-04-01	4.3 Medium
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-32395	2 Wordpress, Xpro	2 Wordpress, Xpro Addons For Beaver Builder – Lite	2026-04-01	5.3 Medium
Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.
CVE-2026-32394	2 Publishpress, Wordpress	2 Publishpress Capabilities, Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.
CVE-2026-32393	2 Creatives Planet, Wordpress	2 Greenly Theme Addons, Wordpress	2026-04-01	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
CVE-2026-32392	2 Creatives Planet, Wordpress	2 Greenly, Wordpress	2026-04-01	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.
CVE-2026-32391	2 Linethemes, Wordpress	2 Smartfix, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4.
CVE-2026-32390	2 Linethemes, Wordpress	2 Nanosoft, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32388	2 Linethemes, Wordpress	2 Glb, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
CVE-2026-32387	2 Noorsplugin, Wordpress	2 Checkout For Paypal, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
CVE-2026-32386	2 Envothemes, Wordpress	2 Envo Extra, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.13.
CVE-2026-32385	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-32384	2 Magepeopleteam, Wordpress	2 Wpbookingly, Wordpress	2026-04-01	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9.
CVE-2026-32383	2 Raratheme, Wordpress	2 Ridhi, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.
CVE-2026-32382	2 Raratheme, Wordpress	2 Digital Download, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4.

« first previous Page 528 of 17111. next last »