Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (84926 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-26879 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through <= 241216.
CVE-2025-26760 2 Wordpress, Wow-company 2 Wordpress, Calculator-builder 2026-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This issue affects Calculator Builder: from n/a through <= 1.6.2.
CVE-2025-26757 2026-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This issue affects FULL Customer: from n/a through <= 3.1.26.
CVE-2025-23528 1 Wordpress 1 Wordpress 2026-04-29 8.8 High
Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1.
CVE-2025-24556 1 Wordpress 1 Wordpress 2026-04-29 7.5 High
Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data.This issue affects MooWoodle: from n/a through <= 3.2.4.
CVE-2025-23784 1 Wordpress 1 Wordpress 2026-04-29 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through <= 1.2.1.
CVE-2025-23806 2026-04-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3.
CVE-2024-56067 1 Wordpress 1 Wordpress 2026-04-29 7.5 High
Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
CVE-2025-22527 2026-04-29 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
CVE-2025-22754 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4.
CVE-2025-22793 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through <= 3.1.4.
CVE-2025-22353 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bvads BVD Easy Gallery Manager bvd-easy-gallery-manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through <= 1.0.6.
CVE-2025-23429 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altima-interactive Altima Lookbook Free for WooCommerce altima-lookbook-free-for-woocommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through <= 1.1.0.
CVE-2025-23432 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0.
CVE-2025-22711 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0.
CVE-2024-54279 1 Wordpress 1 Wordpress 2026-04-29 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1.
CVE-2025-22295 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6.
CVE-2024-49315 1 Codeflock 1 Free Download Manager 2026-04-29 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through <= 1.0.0.
CVE-2024-49316 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1.
CVE-2024-49244 2026-04-29 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0.