Export limit exceeded: 355871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25738 2 Framework-y, Wordpress 2 Hybrid Composer, Wordpress 2026-06-05 9.8 Critical
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to hc_ajax_save_option to enable user registration and set the default role to administrator, enabling account takeover.