Search

Expected end of text, found ':' (at char 35), (line:1, col:36)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (330407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22404 2 Mikado-themes, Wordpress 2 Innovio, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
CVE-2026-22402 1 Wordpress 1 Wordpress 2026-01-27 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.
CVE-2025-69300 2 Leap13, Wordpress 2 Premium Addons For Elementor, Wordpress 2026-01-27 5.4 Medium
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.
CVE-2025-69188 2 E-plugins, Wordpress 2 Fitness Trainer, Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.
CVE-2025-69187 2 E-plugins, Wordpress 2 Final User, Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69186 2 E-plugins, Wordpress 2 Hospital & Doctor Directory, Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69185 1 Wordpress 1 Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-14430 2 Thememove, Wordpress 2 Brook, Wordpress 2026-01-27 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion.This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.
CVE-2025-22707 2 Thememove, Wordpress 2 Moody, Wordpress 2026-01-27 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3.
CVE-2025-56101 1 Ruijie 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-22708 2 Thememove, Wordpress 2 Mitech, Wordpress 2026-01-27 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.
CVE-2025-56089 1 Ruijie 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2025-67934 3 Mikado-themes, Qodeinteractive, Wordpress 3 Wellspring, Wellspring, Wordpress 2026-01-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8.
CVE-2025-56098 1 Ruijie 5 Rg-ew300 Pro, Rg-ew300 Pro Firmware, X30-pro and 2 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-20946 1 Samsung 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more 2026-01-27 8.8 High
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.
CVE-2025-20945 2 Samsung, Samsung Mobile 12 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 9 more 2026-01-27 4 Medium
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
CVE-2025-20939 1 Samsung 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more 2026-01-27 5.4 Medium
Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.
CVE-2025-56093 1 Ruijie 7 Rg-eap602, Rg-eap602 Firmware, Rg-ew300 Pro and 4 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.
CVE-2025-56094 1 Ruijie 5 Rg-ew300 Pro, Rg-ew300 Pro Firmware, X30-pro and 2 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.
CVE-2025-56095 1 Ruijie 4 Rg-eap602, Rg-eap602 Firmware, Rg-ew1200g Pro and 1 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.