Search

Expected end of text, found '.' (at char 22), (line:1, col:23)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49249 2026-04-23 8.6 High
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3.
CVE-2024-49243 2 Jon Vincent Mendoza, Jonvincentmendoza 2 Dynamic Elementor Addons, Dynamic Elementor Addons 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through <= 1.0.0.
CVE-2024-49241 1 Tadywalsh 1 Tito 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tady Tito tito allows DOM-Based XSS.This issue affects Tito: from n/a through <= 2.3.
CVE-2024-49237 1 Ahmetimamoglu 1 Ahmeti Wp Timeline 2026-04-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in ahmeti Ahmeti Wp Timeline ahmeti-wp-timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through <= 5.1.
CVE-2024-49236 1 Hafizuddinahmed 1 Crazy Call To Action Box 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS.This issue affects Crazy Call To Action Box: from n/a through <= 1.0.5.
CVE-2024-49234 1 Themeworm 1 Plexx Elementor Extension 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through <= 1.3.6.
CVE-2024-49233 1 Madrasthemes 1 Mas Elementor 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through <= 1.1.6.
CVE-2024-49232 1 Javierloureiro 1 El Mejor Cluster 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in derethor El mejor Cluster mejorcluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through <= 1.1.15.
CVE-2024-49231 1 Petercyclop 1 Wordpress Video 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cyclop WordPress Video wordpress-video allows Stored XSS.This issue affects WordPress Video: from n/a through <= 1.0.
CVE-2024-49229 1 Arifnezami 1 Better Author Bio 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arifnezami Better Author Bio better-author-bio allows Reflected XSS.This issue affects Better Author Bio: from n/a through <= 2.7.10.11.
CVE-2024-49228 1 Crossedcode 1 Bverse Convert 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edwin Rivera bVerse Convert bverse-convert allows Stored XSS.This issue affects bVerse Convert: from n/a through <= 1.3.7.1.
CVE-2024-49225 1 Swebdeveloper 1 Wppricing Builder 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swebdeveloper wpPricing Builder wppricing-builder-lite-responsive-pricing-table-builder allows Stored XSS.This issue affects wpPricing Builder: from n/a through <= 1.5.0.
CVE-2024-49222 1 Wordpress 1 Wordpress 2026-04-23 9.8 Critical
Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through <= 1.1.0.
CVE-2024-48049 1 Mightyplugins 1 Mighty Builder 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder mighty-builder allows Stored XSS.This issue affects Mighty Builder: from n/a through <= 1.0.2.
CVE-2024-48048 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in GabbyKhrmon Wsify Widget wsify-widget allows Stored XSS.This issue affects Wsify Widget: from n/a through <= 1.0.
CVE-2024-48047 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through <= 1.0.5.
CVE-2024-48046 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28.
CVE-2024-48045 1 Leevio 1 Happy Addons For Elementor 2026-04-23 4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.3.
CVE-2024-48044 1 Shortpixel 1 Image Optimizer 2026-04-23 5.4 Medium
Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.
CVE-2024-48043 1 Shortpixel 1 Shortpixel Image Optimizer 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.