Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 30), (line:1, col:31)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341845 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-50010 2026-04-01 N/A
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
CVE-2025-50009 2026-04-01 N/A
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
CVE-2025-50008 2026-04-01 N/A
Missing Authorization vulnerability in cscode WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through <= 1.2.4.5.
CVE-2025-50001 2 Tagdiv, Wordpress 2 Tagdiv Composer, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.
CVE-2025-4957 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through <= 5.9.5.7.
CVE-2025-4414 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through < 2.5.7.
CVE-2025-49998 2026-04-01 N/A
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.
CVE-2025-49997 2026-04-01 N/A
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.18.
CVE-2025-49996 2026-04-01 N/A
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.4.
CVE-2025-49995 2026-04-01 N/A
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.3.1.
CVE-2025-49993 2026-04-01 N/A
Missing Authorization vulnerability in csarturas Cookie-Script.com cookie-script-com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookie-Script.com: from n/a through <= 1.2.1.
CVE-2025-49990 2026-04-01 N/A
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <= 1.3.7.
CVE-2025-49989 2026-04-01 N/A
Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.5.6.
CVE-2025-49988 2026-04-01 N/A
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 AWeber Extension: from n/a through <= 0.1.40.
CVE-2025-49987 2026-04-01 N/A
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through <= 1.13.
CVE-2025-49986 2026-04-01 N/A
Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-49985 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upload Images auto-upload-images allows Server Side Request Forgery.This issue affects Auto Upload Images: from n/a through <= 3.3.2.
CVE-2025-49984 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.11.
CVE-2025-49983 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb wp-thumb allows Server Side Request Forgery.This issue affects WPThumb: from n/a through <= 0.10.
CVE-2025-49982 2026-04-01 N/A
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4.