Html\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 34), (line:1, col:35)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346758 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39615	2 Shahjada, Wordpress	2 Download Manager, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.
CVE-2026-39616	2 Dfactory, Wordpress	2 Download Attachments, Wordpress	2026-04-24	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.
CVE-2026-39617	2 Priyanshumittal, Wordpress	2 Bluestreet, Wordpress	2026-04-24	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.
CVE-2026-39620	2 Priyanshumittal, Wordpress	2 Appointment, Wordpress	2026-04-24	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.
CVE-2026-39622	2 Acmethemes, Wordpress	2 Education Base, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39604	2 Wordpress, Zookatron	2 Wordpress, Mybooktable Bookstore	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39612	2 Kutethemes, Wordpress	2 Kuteshop, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39632	2 Themegoods, Wordpress	2 Grand Blog, Wordpress	2026-04-24	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.
CVE-2026-39635	2 Themegoods, Wordpress	2 Grand Magazine, Wordpress	2026-04-24	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.
CVE-2026-39641	2 Skywarrior, Wordpress	2 Blackfyre, Wordpress	2026-04-24	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.
CVE-2026-39637	2 Spabrice, Wordpress	2 Mogi, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3.
CVE-2026-39639	2 Redpixelstudios, Wordpress	2 Rps Include Content, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2.
CVE-2026-39648	2 Themebeez, Wordpress	2 Cream Blog, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-39650	2 Unitech Web, Wordpress	2 Unitechpay, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39633	2 Themegoods, Wordpress	2 Grand Car Rental, Wordpress	2026-04-24	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.
CVE-2026-39638	2 Themeum, Wordpress	2 Qubely, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.
CVE-2026-39643	2 Payment Plugins, Wordpress	2 Payment Plugins For Paypal Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.
CVE-2026-39646	2 Bozdoz, Wordpress	2 Leaflet Map, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.
CVE-2026-39647	2 Sonaar, Wordpress	2 Mp3 Audio Player For Music, Radio & Podcast, Wordpress	2026-04-24	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.
CVE-2026-39652	2 Igms, Wordpress	2 Igms Direct Booking, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3.

« first previous Page 72 of 17338. next last »