Search

Expected end of text, found '.' (at char 37), (line:1, col:38)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23974 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-16 8.8 High
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23975 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-16 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23978 1 Wordpress 1 Wordpress 2026-04-16 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.
CVE-2026-24356 1 Wordpress 1 Wordpress 2026-04-16 8.8 High
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
CVE-2026-24357 1 Wordpress 1 Wordpress 2026-04-16 8.1 High
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.
CVE-2026-24360 2 Craig Hewitt, Wordpress 2 Seriously Simple Podcasting, Wordpress 2026-04-16 4.6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.
CVE-2026-24361 2 Thimpress, Wordpress 2 Learnpress, Wordpress 2026-04-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress &#8211; Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress &#8211; Course Review: from n/a through <= 4.1.9.
CVE-2026-24367 1 Wordpress 1 Wordpress 2026-04-16 8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.
CVE-2026-24371 2 Booking Algorithms, Wordpress 2 Ba Book Everything, Wordpress 2026-04-16 9.8 Critical
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through <= 1.8.16.
CVE-2026-24374 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-04-16 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.
CVE-2026-24377 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-16 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.
CVE-2026-24380 2 Metagauss, Wordpress 2 Eventprime, Wordpress 2026-04-16 8.8 High
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.
CVE-2026-24388 1 Wordpress 1 Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.
CVE-2026-24390 3 Elementor, Qantumthemes, Wordpress 3 Elementor, Kentha Elementor Widgets, Wordpress 2026-04-16 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
CVE-2026-24306 1 Microsoft 1 Azure Front Door 2026-04-16 9.8 Critical
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-24304 1 Microsoft 1 Azure Resource Manager 2026-04-16 9.9 Critical
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-24523 1 Wordpress 1 Wordpress 2026-04-16 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.
CVE-2026-24524 1 Wordpress 1 Wordpress 2026-04-16 8.1 High
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.6.
CVE-2026-24529 2 Alejandro, Wordpress 2 Quick Restaurant Reservations, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.
CVE-2026-24534 1 Wordpress 1 Wordpress 2026-04-16 8.8 High
Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.