Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9077 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9155 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-29 4.3 Medium
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of.
CVE-2025-10871 1 Gitlab 1 Gitlab 2025-09-29 3.8 Low
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
CVE-2025-60106 1 Wordpress 1 Wordpress 2025-09-29 4.9 Medium
Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0.
CVE-2025-48326 1 Wordpress 1 Wordpress 2025-09-29 6.5 Medium
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4.
CVE-2025-60116 1 Wordpress 1 Wordpress 2025-09-29 5.4 Medium
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.
CVE-2025-60121 2 Exthemes, Wordpress 2 Wooevents, Wordpress 2025-09-29 5.3 Medium
Missing Authorization vulnerability in Ex-Themes WooEvents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through 4.1.7.
CVE-2025-60152 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock: from n/a through 1.1.5.
CVE-2025-60166 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms PRO: from n/a through 2.0.5.
CVE-2025-60122 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60130 1 Wordpress 1 Wordpress 2025-09-29 5.3 Medium
Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2.
CVE-2025-60123 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60155 1 Wordpress 1 Wordpress 2025-09-29 5.3 Medium
Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0.
CVE-2025-60148 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in wpshuffle Subscribe to Download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Download: from n/a through 2.0.9.
CVE-2025-60120 2 Wordpress, Wpdirectorykit 2 Wordpress, Wp Directory Kit 2025-09-29 5.3 Medium
Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8.
CVE-2025-60127 2 Artistscope, Wordpress 2 Copysafe Web Protection, Wordpress 2025-09-29 5.4 Medium
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3.
CVE-2025-60165 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
CVE-2025-60159 3 Webmaniabr, Woocommerce, Wordpress 3 Nota Fiscal Eletronica, Woocommerce, Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in webmaniabr Nota Fiscal EletrĂ´nica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal EletrĂ´nica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60129 1 Wordpress 1 Wordpress 2025-09-29 5.3 Medium
Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3.
CVE-2025-60128 1 Wordpress 1 Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3.
CVE-2025-60143 2 Netgsm, Wordpress 2 Netgsm, Wordpress 2025-09-29 4.3 Medium
Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58.