\ CVEs and Security Vulnerabilities

Search

Expected end of text, found '\' (at char 29), (line:1, col:30)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329721 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68073	2 Ninjateam, Wordpress	2 Gpdr Ccpa Compliance Support, Wordpress	2026-01-26	N/A
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.
CVE-2025-67614	1 Wordpress	1 Wordpress	2026-01-26	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5.
CVE-2025-68020	2 Wanotifier, Wordpress	2 Wanotifier, Wordpress	2026-01-26	N/A
Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.
CVE-2025-68507	2 Icegram, Wordpress	2 Icegram, Wordpress	2026-01-26	N/A
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.
CVE-2025-67615	1 Wordpress	1 Wordpress	2026-01-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through <= 1.5.1.
CVE-2025-67955	1 Wordpress	1 Wordpress	2026-01-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through <= 4.1.0.
CVE-2025-67616	1 Wordpress	1 Wordpress	2026-01-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through <= 1.2.29.
CVE-2025-50007	1 Wordpress	1 Wordpress	2026-01-26	N/A
Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.
CVE-2025-67617	1 Wordpress	1 Wordpress	2026-01-26	N/A
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.
CVE-2025-67619	2 Designthemes, Wordpress	2 Kids Heaven, Wordpress	2026-01-26	N/A
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.
CVE-2025-67626	1 Wordpress	1 Wordpress	2026-01-26	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.
CVE-2025-68006	1 Wordpress	1 Wordpress	2026-01-26	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
CVE-2025-68034	1 Wordpress	1 Wordpress	2026-01-26	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.22.
CVE-2025-68059	1 Wordpress	1 Wordpress	2026-01-26	N/A
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-62050	1 Wordpress	1 Wordpress	2026-01-26	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic.This issue affects Blogmatic: from n/a through <= 1.0.3.
CVE-2025-54003	2 Mikado-themes, Wordpress	2 Depot, Wordpress	2026-01-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16.
CVE-2025-67942	1 Wordpress	1 Wordpress	2026-01-26	N/A
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.
CVE-2025-67943	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2026-01-26	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.
CVE-2025-67957	2 Tangiblewp, Wordpress	2 Listivo, Wordpress	2026-01-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through <= 2.3.77.
CVE-2025-68041	2 Codisto, Wordpress	2 Omnichannel For Woocommerce, Wordpress	2026-01-26	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.

« first previous Page 58 of 16487. next last »