Search

Expected end of text, found '.' (at char 20), (line:1, col:21)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-39469 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.
CVE-2025-39464 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar adminquickbar allows Reflected XSS.This issue affects AdminQuickbar: from n/a through <= 1.9.1.
CVE-2025-39462 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through <= 1.0.3.
CVE-2025-39461 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.02.
CVE-2025-39460 1 Thimpress 1 Eduma 2026-04-01 N/A
Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4.
CVE-2025-39459 2026-04-01 N/A
Incorrect Privilege Assignment vulnerability in contempoinc Real Estate 7 realestate-7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through <= 3.5.2.
CVE-2025-39458 1 Qodeinteractive 1 Foton 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2.
CVE-2025-39457 2026-04-01 N/A
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8.
CVE-2025-39456 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
CVE-2025-39455 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS.This issue affects IP2Location Variables: from n/a through <= 2.9.5.
CVE-2025-39454 2026-04-01 N/A
Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.30.0.
CVE-2025-39453 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Cross Site Request Forgery.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.3.
CVE-2025-39452 1 Themewinter 1 Wpcafe 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.32.
CVE-2025-39451 2026-04-01 N/A
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
CVE-2025-39450 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.7.
CVE-2025-39449 2026-04-01 N/A
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVE-2025-39448 1 Crocoblock 1 Jetelements For Elementor 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2025-39447 1 Crocoblock 1 Jetelements For Elementor 2026-04-01 N/A
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2025-39445 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.2.
CVE-2025-39444 1 Maxfoundry 1 Maxbuttons 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through <= 9.8.3.