Search
Search Results (337788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27050 | 2 Thimpress, Wordpress | 2 Realpress, Wordpress | 2026-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0. | ||||
| CVE-2026-27052 | 2 Villatheme, Wordpress | 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress | 2026-02-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1. | ||||
| CVE-2026-27066 | 2 Pi Web Solution, Wordpress | 2 Live Sales Notification For Woocommerce, Wordpress | 2026-02-20 | 5.3 Medium |
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46. | ||||
| CVE-2026-27090 | 2 Wordpress, Wp Moose | 2 Wordpress, Kenta Companion | 2026-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3. | ||||
| CVE-2026-27092 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-02-20 | 6.5 Medium |
| Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11. | ||||
| CVE-2026-25527 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-02-20 | 5.3 Medium |
| changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to `/app/changedetectionio`, enabling unauthenticated local file read of application source files (e.g., `flask_app.py`). Version 0.53.2 fixes the issue. | ||||
| CVE-2025-71247 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71248 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71249 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71250 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-27325 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27324 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27323 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27322 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27321 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27320 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27319 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27318 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27317 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-26995 | 2026-02-20 | N/A | ||
| Further research determined the issue is an external dependency vulnerability. | ||||