Export limit exceeded: 361485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 28), (line:1, col:29)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (361485 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-56010 2 Tychesoftwares, Wordpress 2 Abandoned Cart Pro For Woocommerce, Wordpress 2026-06-26 8.8 High
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
CVE-2026-56029 2026-06-26 7.5 High
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
CVE-2026-56035 2026-06-26 8.6 High
Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.
CVE-2026-56043 2 Cusrev, Wordpress 2 Customer Reviews For Woocommerce, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56055 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-56062 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
CVE-2026-56069 2026-06-26 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
CVE-2026-57315 2026-06-26 8.5 High
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
CVE-2026-57617 2 Seedprod Llc, Wordpress 2 Seedprod Pro, Wordpress 2026-06-26 6.5 Medium
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
CVE-2026-57630 2026-06-26 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-46710 2026-06-26 N/A
Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6.
CVE-2026-57649 2026-06-26 4.3 Medium
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
CVE-2026-57655 2026-06-26 8.2 High
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-56070 2 Themehunk, Wordpress 2 Advance Product Search, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
CVE-2026-56072 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-57312 2 Wordpress, Wpeverest 2 Wordpress, Everest Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
CVE-2026-57313 2 Surecart, Wordpress 2 Surecart, Wordpress 2026-06-26 6.5 Medium
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
CVE-2026-57317 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
CVE-2026-57319 2 Realmag777, Wordpress 2 Fox, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVE-2026-57324 2 Villatheme, Wordpress 2 Gift4u, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.