Search

Expected end of text, found '.' (at char 18), (line:1, col:19)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343612 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39716 2 Ckthemes, Wordpress 2 Flipmart, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.
CVE-2026-39710 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-04-08 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-39704 2 Nfusionsolutions, Wordpress 2 Precious Metals Automated Product Pricing – Pro, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing &#8211; Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing &#8211; Pro: from n/a through <= 4.0.5.
CVE-2026-39698 2 Publisherdesk, Wordpress 2 The Publisher Desk Ads.txt, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39696 2 Elfsight, Wordpress 2 Elfsight Whatsapp Chat Cc, Wordpress 2026-04-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.
CVE-2026-39694 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
CVE-2026-39692 2 Tagdiv, Wordpress 2 Tagdiv Composer, Wordpress 2026-04-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
CVE-2026-39688 2 Glowlogix, Wordpress 2 Wp Frontend Profile, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
CVE-2026-39682 2 Arjan Pronk, Wordpress 2 Linkpizza-manager, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
CVE-2026-39702 2 Wealcoder, Wordpress 2 Animation Addons For Elementor, Wordpress 2026-04-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1.
CVE-2026-39697 2 Hbss Technologies, Wordpress 2 Maio – The New Ai Geo / Seo Tool, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8.
CVE-2026-39695 2 Podigee, Wordpress 2 Podigee, Wordpress 2026-04-08 N/A
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.
CVE-2026-39687 2 Rapid Car Check, Wordpress 2 Rapid Car Check Vehicle Data, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.
CVE-2026-39680 2 Mwp Development, Wordpress 2 Diet Calorie Calculator, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1.
CVE-2026-39706 2 Netro Systems, Wordpress 2 Make My Trivia, Wordpress 2026-04-08 5.3 Medium
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.
CVE-2025-45058 1 Dlink 1 Di-8300 2026-04-08 N/A
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-50646 1 Dlink 1 Di-8003 2026-04-08 N/A
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
CVE-2025-50650 1 Dlink 1 Di-8003 2026-04-08 N/A
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
CVE-2026-39681 2 Apustheme, Wordpress 2 Homeo, Wordpress 2026-04-08 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59.
CVE-2026-39699 2 Massiveshift, Wordpress 2 Ai Workflow Automation, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.