Modules\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 26), (line:1, col:27)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (333630 CVEs found)

CVE	Updated	CVSS v3.1
CVE-2026-27058	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through <= 1.7.
CVE-2026-27057	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.
CVE-2026-27055	2026-02-19	N/A
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-27052	2026-02-19	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1.
CVE-2026-27050	2026-02-19	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.
CVE-2026-27042	2026-02-19	N/A
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
CVE-2026-25473	2026-02-19	N/A
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-25472	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.3.
CVE-2026-25463	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0.
CVE-2026-25459	2026-02-19	N/A
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
CVE-2026-25453	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.
CVE-2026-25451	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.
CVE-2026-25441	2026-02-19	N/A
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
CVE-2026-25432	2026-02-19	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.
CVE-2026-25428	2026-02-19	N/A
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2026-25423	2026-02-19	N/A
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4.
CVE-2026-25422	2026-02-19	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.
CVE-2026-25420	2026-02-19	N/A
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
CVE-2026-25419	2026-02-19	N/A
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
CVE-2026-25418	2026-02-19	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.

« first previous Page 2 of 16682. next last »