Search

Expected end of text, found '.' (at char 34), (line:1, col:35)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346208 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58888 2 Ancorathemes, Wordpress 2 Theflash, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion.This issue affects The Flash: from n/a through <= 1.15.
CVE-2025-58887 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions &amp; research UG Course Booking Platform course-booking-platform allows Stored XSS.This issue affects Course Booking Platform: from n/a through <= 1.0.0.
CVE-2025-58886 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations instant-locations allows Stored XSS.This issue affects Instant Locations: from n/a through <= 1.0.
CVE-2025-58885 2 Ancorathemes, Wordpress 2 Pathfinder, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion.This issue affects Pathfinder: from n/a through <= 1.16.
CVE-2025-58884 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Drago vipdrv vipdrv-vip-test-drive allows Stored XSS.This issue affects vipdrv: from n/a through <= 1.0.3.
CVE-2025-58883 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Harris Search Cloud One search-cloud-one allows Stored XSS.This issue affects Search Cloud One: from n/a through <= 2.2.5.
CVE-2025-58882 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in w1zzard Simple Text Slider simple-text-slider allows Stored XSS.This issue affects Simple Text Slider: from n/a through <= 1.0.5.
CVE-2025-58881 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0.
CVE-2025-58880 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reubenthiessen Translate This gTranslate Shortcode translate-this-google-translate-web-element-shortcode allows Stored XSS.This issue affects Translate This gTranslate Shortcode: from n/a through <= 1.0.
CVE-2025-58879 2 Ancorathemes, Wordpress 2 Festy, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Festy festy allows PHP Local File Inclusion.This issue affects Festy: from n/a through <= 1.13.0.
CVE-2025-58878 2026-04-23 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through <= 1.0.0.
CVE-2025-58877 2 Javothemes, Wordpress 2 Javo Core, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-58876 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through <= 0.2.4.
CVE-2025-58875 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS.This issue affects WP Github Gist: from n/a through <= 0.5.
CVE-2025-58874 2 Josepsitjar, Wordpress 2 Storymap, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap wp-storymap allows DOM-Based XSS.This issue affects StoryMap: from n/a through <= 2.1.
CVE-2025-58873 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through <= 0.5.0.
CVE-2025-58872 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data.This issue affects Simple Price Calculator: from n/a through <= 1.3.
CVE-2025-58871 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Paper Collapse Toggle master-paper-collapse-toggle allows Stored XSS.This issue affects Master Paper Collapse Toggle: from n/a through <= 1.1.
CVE-2025-58870 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP-GraphViz wp-graphviz allows DOM-Based XSS.This issue affects WP-GraphViz: from n/a through <= 1.5.1.
CVE-2025-58869 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2.