Export limit exceeded: 366583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 86896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (86896 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39569 | 1 Taskbuilder | 1 Taskbuilder | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection.This issue affects Taskbuilder: from n/a through <= 4.0.1. | ||||
| CVE-2025-39568 | 2026-04-23 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce storecontrl-wp-connection allows Path Traversal.This issue affects StoreContrl Woocommerce: from n/a through <= 4.1.3. | ||||
| CVE-2025-39567 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.8. | ||||
| CVE-2025-39566 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel hostel allows Blind SQL Injection.This issue affects Hostel: from n/a through <= 1.1.5.6. | ||||
| CVE-2025-39558 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from n/a through <= 1.1.7. | ||||
| CVE-2025-39548 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through <= 1.1.17. | ||||
| CVE-2025-39547 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS.This issue affects Internal Link Optimiser: from n/a through <= 5.1.3. | ||||
| CVE-2025-39544 | 2026-04-23 | 7.4 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal.This issue affects WP Tools: from n/a through <= 5.18. | ||||
| CVE-2025-39542 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation.This issue affects Xelion Webchat: from n/a through <= 9.1.0. | ||||
| CVE-2025-39539 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs WP Email Delivery wp-email-delivery allows Reflected XSS.This issue affects WP Email Delivery: from n/a through <= 1.20.11.23. | ||||
| CVE-2025-39537 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce woo-better-customer-list allows Reflected XSS.This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3. | ||||
| CVE-2025-39535 | 2026-04-23 | 7.2 High | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through <= 3.1.7. | ||||
| CVE-2025-39533 | 2026-04-23 | 8.8 High | ||
| Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19. | ||||
| CVE-2025-39532 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7. | ||||
| CVE-2025-39530 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 site-search-360 allows Stored XSS.This issue affects Site Search 360: from n/a through <= 2.1.8. | ||||
| CVE-2025-39527 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7. | ||||
| CVE-2025-39526 | 1 Nicdark | 1 Hotel Booking | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through <= 3.6. | ||||
| CVE-2025-39521 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through <= 2.4. | ||||
| CVE-2025-39519 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in runthings.dev Bulk Page Stub Creator bulk-page-stub-creator allows Reflected XSS.This issue affects Bulk Page Stub Creator: from n/a through <= 1.1. | ||||
| CVE-2025-39518 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite bma-lite-appointment-booking-and-scheduling allows SQL Injection.This issue affects BMA Lite: from n/a through <= 1.4.2. | ||||