Sits\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 30), (line:1, col:31)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329603 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22447	1 Wordpress	1 Wordpress	2026-01-23	N/A
Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.
CVE-2025-69318	1 Wordpress	1 Wordpress	2026-01-23	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5.
CVE-2026-22463	2 Micro.company, Wordpress	2 Form To Chat App, Wordpress	2026-01-23	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.
CVE-2026-24366	2 Wordpress, Yithemes	2 Wordpress, Yith Woocommerce Request A Quote	2026-01-23	5.3 Medium
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
CVE-2026-22409	2 Mikado-themes, Wordpress	2 Justicia, Wordpress	2026-01-23	N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22398	2 Mikado-themes, Wordpress	2 Fleur, Wordpress	2026-01-23	N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.
CVE-2025-69102	2 Boopathirajan, Wordpress	2 Wp Test Email, Wordpress	2026-01-23	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through <= 1.1.7.
CVE-2026-22402	1 Wordpress	1 Wordpress	2026-01-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.
CVE-2025-69183	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-01-23	N/A
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2026-24357	1 Wordpress	1 Wordpress	2026-01-23	N/A
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.
CVE-2026-22401	1 Wordpress	1 Wordpress	2026-01-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.
CVE-2025-69319	2 Wordpress, Wpbeaverbuilder	2 Wordpress, Beaver Builder	2026-01-23	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1.
CVE-2025-69193	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-01-23	N/A
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2026-22482	2 Wbolt, Wordpress	2 Imgspider, Wordpress	2026-01-23	N/A
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.
CVE-2026-23974	2 Uxper, Wordpress	2 Golo, Wordpress	2026-01-23	N/A
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-22407	2 Mikado-themes, Wordpress	2 Roam, Wordpress	2026-01-23	N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-24387	1 Wordpress	1 Wordpress	2026-01-23	4.3 Medium
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1.
CVE-2024-11976	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2026-01-23	7.3 High
The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2025-46699	1 Dell	1 Data Protection Advisor	2026-01-23	4.3 Medium
Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-0773	1 Upsonic	1 Upsonic	2026-01-23	N/A
Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the add_tool endpoint, which listens on TCP port 7541 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26845.

« first previous Page 54 of 16481. next last »