Search

Expected end of text, found '/' (at char 32), (line:1, col:33)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341935 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-49876 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.
CVE-2025-49875 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through <= 1.9.3.1.
CVE-2025-49874 1 Tychesoftwares 1 Arconix Faq 2026-04-01 N/A
Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
CVE-2025-49873 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi elessi-theme allows Reflected XSS.This issue affects Elessi: from n/a through <= 6.3.9.
CVE-2025-49872 2026-04-01 N/A
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-49871 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box allows Stored XSS.This issue affects Noptin: from n/a through <= 3.8.7.
CVE-2025-49870 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.
CVE-2025-49869 1 Wordpress 1 Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.0.31.
CVE-2025-49868 2026-04-01 N/A
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.6.0.
CVE-2025-49867 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-04-01 N/A
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0.
CVE-2025-49866 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
CVE-2025-49865 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.
CVE-2025-49864 2026-04-01 N/A
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
CVE-2025-49863 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Advanced Sermons advanced-sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through <= 3.6.
CVE-2025-49862 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store ebook-store allows Stored XSS.This issue affects Ebook Store: from n/a through <= 5.8008.
CVE-2025-49861 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS.This issue affects Kama Click Counter: from n/a through <= 4.0.3.
CVE-2025-49860 2 Majesticsupport, Wordpress 2 Majestic Support, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0.
CVE-2025-49859 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter wpecounter allows Stored XSS.This issue affects WP Views Counter: from n/a through <= 2.0.3.
CVE-2025-49858 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.17.
CVE-2025-49857 2026-04-01 N/A
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.