CVEs and Security Vulnerabilities

Export limit exceeded: 334505 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (334505 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25418	2 Bitpressadmin, Wordpress	2 Bit Form, Wordpress	2026-02-20	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-25419	2 Flycart, Wordpress	2 Upsellwp, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
CVE-2026-25422	2 Themes4wp, Wordpress	2 Popularis Extra, Wordpress	2026-02-20	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.
CVE-2026-25423	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2026-02-20	3.8 Low
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4.
CVE-2026-25428	2 Total-soft, Wordpress	2 Ts Poll, Wordpress	2026-02-20	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2026-25432	2 Omnipressteam, Wordpress	2 Omnipress, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.
CVE-2026-25441	2 Leadconnector, Wordpress	2 Leadconnector, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
CVE-2026-25459	2 Uixthemes, Wordpress	2 Sober, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
CVE-2026-25463	2 Wordpress, Wpestate	2 Wordpress, Wpresidence Core	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0.
CVE-2026-25473	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27042	2 Wordpress, Wpdeveloper	2 Wordpress, Notificationx	2026-02-20	5.3 Medium
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
CVE-2026-27050	2 Thimpress, Wordpress	2 Realpress, Wordpress	2026-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.
CVE-2026-27052	2 Villatheme, Wordpress	2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1.
CVE-2026-27066	2 Pi Web Solution, Wordpress	2 Live Sales Notification For Woocommerce, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46.
CVE-2026-27074	2 Vaakash, Wordpress	2 Shortcoder, Wordpress	2026-02-20	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through <= 6.5.1.
CVE-2026-27090	2 Wordpress, Wp Moose	2 Wordpress, Kenta Companion	2026-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.
CVE-2026-27092	2 Greg Winiarski, Wordpress	2 Wpadverts, Wordpress	2026-02-20	6.5 Medium
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11.
CVE-2019-25430	2 Cdome, Comodo	2 Comodo Dome Firewall, Dome Firewall	2026-02-20	6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username field to execute arbitrary JavaScript in victim browsers.
CVE-2026-25527	2 Dgtlmoon, Webtechnologies	2 Changedetection.io, Changedetection	2026-02-20	5.3 Medium
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to `/app/changedetectionio`, enabling unauthenticated local file read of application source files (e.g., `flask_app.py`). Version 0.53.2 fixes the issue.
CVE-2025-71247	1 Spip	1 Spip	2026-02-20	N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

« first previous Page 157 of 16726. next last »