Search

Expected end of text, found '.' (at char 18), (line:1, col:19)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343487 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-5208 2026-04-08 8.2 High
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
CVE-2026-39685 2 Lvaudore, Wordpress 2 The Moneytizer, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.
CVE-2026-5301 2026-04-08 7.6 High
Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries
CVE-2026-39686 2 Bannersky, Wordpress 2 Bsk Pdf Manager, Wordpress 2026-04-08 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
CVE-2026-39688 2 Glowlogix, Wordpress 2 Wp Frontend Profile, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
CVE-2026-39689 2 Eshipper, Wordpress 2 Eshipper Commerce, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39691 2 Adastracrypto, Wordpress 2 Cryptocurrency Donation Box – Bitcoin & Crypto Donations, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13.
CVE-2026-39692 2 Tagdiv, Wordpress 2 Tagdiv Composer, Wordpress 2026-04-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
CVE-2026-39693 2 Fesomia, Wordpress 2 Fsm Custom Featured Image Caption, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
CVE-2026-39694 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
CVE-2026-39698 2 Publisherdesk, Wordpress 2 The Publisher Desk Ads.txt, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39701 2 Andrew, Wordpress 2 Shopwp, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.
CVE-2026-39704 2 Nfusionsolutions, Wordpress 2 Precious Metals Automated Product Pricing – Pro, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing &#8211; Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing &#8211; Pro: from n/a through <= 4.0.5.
CVE-2026-39705 2 Mulika Team, Wordpress 2 Mipl Wc Multisite Sync, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through <= 1.4.4.
CVE-2026-39707 2026-04-08 N/A
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through <= 4.0.4.
CVE-2026-39708 2026-04-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.14.
CVE-2026-39709 2 Thetechtribe, Wordpress 2 The Tribal, Wordpress 2026-04-08 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4.
CVE-2026-39710 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-04-08 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-39711 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-04-08 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-39715 2 Anytrack, Wordpress 2 Anytrack Affiliate Link Manager, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.