Search

Expected end of text, found '.' (at char 53), (line:1, col:54)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341868 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53193 2 Burst-statistics, Wordpress 2 Burst Statistics, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics burst-statistics allows Cross Site Request Forgery.This issue affects Burst Statistics: from n/a through <= 2.0.6.
CVE-2025-52836 1 Wordpress 1 Wordpress 2026-04-01 N/A
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
CVE-2025-52835 2 Conoha By Gmo, Wordpress 2 Wing Wordpress Migrator, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through <= 1.2.0.
CVE-2025-52834 2 Favethemes, Wordpress 2 Homey, Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7.
CVE-2025-52833 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection.This issue affects LMS: from n/a through <= 9.2.
CVE-2025-52832 2 Wordpress, Wpo-hr 2 Wordpress, Ngg Smart Image Search 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1.
CVE-2025-52831 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-52830 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure &#8211; Your Universal Checkout bSecure &#8211; Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure &#8211; Your Universal Checkout: from n/a through <= 1.7.9.
CVE-2025-52829 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through <= 2.0.
CVE-2025-52828 1 Wordpress 1 Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8.
CVE-2025-52827 1 Wordpress 1 Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-52825 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-52824 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
CVE-2025-52823 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8.
CVE-2025-52822 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection.This issue affects WP Roadmap: from n/a through <= 2.1.3.
CVE-2025-52821 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-52820 3 Infosoftplugin, Woocommerce, Wordpress 3 Woocommerce Point Of Sale, Woocommerce, Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-52819 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through <= 1.0.2.
CVE-2025-52818 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.
CVE-2025-52817 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.