Export limit exceeded: 334391 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334391 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67979 | 2 Westerndeal, Wordpress | 2 Wpforms Google Sheet Connector, Wordpress | 2026-02-23 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1. | ||||
| CVE-2026-20141 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2026-02-23 | 4.3 Medium |
| In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console). | ||||
| CVE-2025-67980 | 2 Thembay, Wordpress | 2 Hara, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. | ||||
| CVE-2025-67981 | 2 Thembay, Wordpress | 2 Besa, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. | ||||
| CVE-2025-67982 | 2 Thembay, Wordpress | 2 Urna, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. | ||||
| CVE-2025-67984 | 2 Calliko, Wordpress | 2 Nps Computy, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2. | ||||
| CVE-2025-67987 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. | ||||
| CVE-2025-67988 | 2 Loftocean, Wordpress | 2 Cozystay, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. | ||||
| CVE-2025-67990 | 2 Realmag777, Wordpress | 2 Gmap Targeting, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7. | ||||
| CVE-2025-67991 | 2 Vanquish, Wordpress | 2 User Extra Fields, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8. | ||||
| CVE-2025-67992 | 2 Loftocean, Wordpress | 2 Patiotime, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. | ||||
| CVE-2025-67993 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1. | ||||
| CVE-2025-67994 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaycurrency | 2026-02-23 | N/A |
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | ||||
| CVE-2025-67995 | 2 Loftocean, Wordpress | 2 Patiotime, Wordpress | 2026-02-23 | N/A |
| Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1. | ||||
| CVE-2025-67996 | 2 Boldthemes, Wordpress | 2 Nestin, Wordpress | 2026-02-23 | N/A |
| Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6. | ||||
| CVE-2025-67997 | 2 Boldthemes, Wordpress | 2 Travelicious, Wordpress | 2026-02-23 | N/A |
| Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7. | ||||
| CVE-2025-67998 | 2 Kamleshyadav, Wordpress | 2 Miraculous Elementor, Wordpress | 2026-02-23 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. | ||||
| CVE-2025-68000 | 2 Pickplugins, Wordpress | 2 Testimonial Slider, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||
| CVE-2025-68002 | 2 100plugins, Wordpress | 2 Open User Map, Wordpress | 2026-02-23 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through <= 1.4.16. | ||||
| CVE-2025-68005 | 2 Themewant, Wordpress | 2 Easy Hotel Booking, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7. | ||||