Search

Expected end of text, found '/' (at char 35), (line:1, col:36)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359647 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-24575 2 Wishlist Member, Wordpress 2 Wishlist Member X, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-39597 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-69172 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2026-27869 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-06-17 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
CVE-2025-49403 2 Aa-team, Wordpress 2 Premium Age Verification Restriction For Wordpress, Wordpress 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2025-69120 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
CVE-2025-69140 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-39523 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-40720 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
CVE-2026-39546 2 Techspawn, Wordpress 2 Multiloca, Wordpress 2026-06-17 7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-54192 2 Ays-pro, Wordpress 2 Popup Box, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54195 2 Jetmonsters, Wordpress 2 Jetformbuilder, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54196 2 Jetmonsters, Wordpress 2 Jetformbuilder, Wordpress 2026-06-17 6.8 Medium
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-54806 2 Melapress, Wordpress 2 Wp Activity Log, Wordpress 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54813 2026-06-17 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.
CVE-2024-32949 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-06-17 8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909 2 Avirtum, Wordpress 2 Ipages Flipbook, Wordpress 2026-06-17 5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
CVE-2024-35690 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2026-06-17 6.5 Medium
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.