Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10539 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32822 1 Wordpress 1 Reviews Plus 2026-04-15 4.3 Medium
Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.
CVE-2025-20381 1 Splunk 1 Mcp Server 2026-04-15 5.4 Medium
In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.
CVE-2024-32826 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.
CVE-2024-32828 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.
CVE-2024-32829 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31.
CVE-2025-30916 2026-04-15 N/A
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
CVE-2024-53605 1 Handcent 1 Nextcms 2026-04-15 7.5 High
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.
CVE-2024-33915 2 Bowo, Wordpress 2 Debug Log Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
CVE-2023-28990 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9.
CVE-2024-54222 2 Seraphinitesolutions, Wordpress 2 Seraphinite Accelerator, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.
CVE-2024-35168 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1.
CVE-2024-35174 2 Flothemes, Wordpress 2 Flo Forms, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
CVE-2024-54227 2026-04-15 N/A
Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through <= 2.0.0.
CVE-2024-54298 2026-04-15 N/A
Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through <= 4.46.
CVE-2025-62931 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9.
CVE-2025-62935 3 Ilmosys, Woocommerce, Wordpress 3 Open Close Woocommerce Store, Woocommerce, Wordpress 2026-04-15 8.1 High
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9.
CVE-2025-62938 2 Reoon Technology, Wordpress 2 Reoon Email Verifier, Wordpress 2026-04-15 8.1 High
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1.
CVE-2025-62965 2 Admin Management Xtended Project, Wordpress 2 Admin Management Xtended, Wordpress 2026-04-15 7.2 High
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
CVE-2025-42882 1 Sap 6 Application Server, Netweaver, Netweaver Abap and 3 more 2026-04-15 4.3 Medium
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application.
CVE-2024-37254 2 Mndpsingh287, Wordpress 2 File Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.