Search

Expected end of text, found '–' (at char 31), (line:1, col:32)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346620 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22505 2 Ancorathemes, Wordpress 2 Morning Records, Wordpress 2026-04-24 8.1 High
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2.
CVE-2026-22506 2 Elated-themes, Wordpress 2 Amoli, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0.
CVE-2026-22508 2 Ancorathemes, Wordpress 2 Dentalux, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3.
CVE-2026-22512 2 Elated-themes, Wordpress 2 Roisin, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1.
CVE-2026-22513 2 Ancorathemes, Wordpress 2 Triompher, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0.
CVE-2026-22515 2 Ancorathemes, Wordpress 2 Vegadays, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0.
CVE-2026-22516 2 Ancorathemes, Wordpress 2 Wizor's, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-23973 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23979 2 Softwebmedia, Wordpress 2 Gyan Elements, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through <= 2.2.1.
CVE-2026-24359 2 Dokan, Wordpress 2 Dokan, Wordpress 2026-04-24 8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.
CVE-2026-24363 2 Loopus, Wordpress 2 Wp Cost Estimation & Payment Forms Builder, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
CVE-2026-24364 2 Wedevs, Wordpress 2 Wp User Frontend, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
CVE-2026-24372 2 Wordpress, Wp Swings 2 Wordpress, Subscriptions For Woocommerce 2026-04-24 7.5 High
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10.
CVE-2026-24391 2 Thememakers, Wordpress 2 Car Dealer, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through <= 1.6.7.
CVE-2026-24970 2 Designingmedia, Wordpress 2 Energox, Wordpress 2026-04-24 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.2.
CVE-2026-24980 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24981 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24987 2 Activity-log.com, Wordpress 2 Wp System Log, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.
CVE-2026-25007 2 Elementinvader, Wordpress 2 Elementinvader Addons For Elementor, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2.