Search

Expected end of text, found '/' (at char 42), (line:1, col:43)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347343 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22498 2 Elated-themes, Wordpress 2 Laurent, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-22508 2 Ancorathemes, Wordpress 2 Dentalux, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3.
CVE-2026-22516 2 Ancorathemes, Wordpress 2 Wizor's, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-23972 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.
CVE-2026-23977 2 Wordpress, Wpfactory 2 Wordpress, Helpdesk Support Ticket System For Woocommerce 2026-04-24 7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-24391 2 Thememakers, Wordpress 2 Car Dealer, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through <= 1.6.7.
CVE-2026-24977 2 Nootheme, Wordpress 2 Organici Library, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-24980 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-25018 2 Stmcan, Wordpress 2 Naturalife Extensions, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.
CVE-2026-25034 2 Iqonic, Wordpress 2 Kivicare, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-25009 2 Rarathemes, Wordpress 2 Education Zone, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.
CVE-2026-24981 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24964 2 Wasiliy Strecker / Contestgallery Developer, Wordpress 2 Contest Gallery, Wordpress 2026-04-24 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1.
CVE-2026-4591 1 Kalcaddle 1 Kodbox 2026-04-24 4.7 Medium
A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-25334 2 Wordpress, Wordpresschef 2 Wordpress, Salon Booking System Pro 2026-04-24 8.1 High
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.
CVE-2026-22509 2 Elated-themes, Wordpress 2 Gioia, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through <= 1.4.
CVE-2026-22493 2 Elated-themes, Wordpress 2 Gaspard, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through <= 1.3.
CVE-2026-22511 2 Elated-themes, Wordpress 2 Neobeat, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2.
CVE-2026-24971 2 Elated-themes, Wordpress 2 Search And Go Theme, Wordpress 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.