Search

Expected end of text, found ':' (at char 31), (line:1, col:32)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329894 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69044 1 Wordpress 1 Wordpress 2026-01-26 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3.
CVE-2026-20613 1 Apple 2 Container, Containerization 2026-01-26 7.8 High
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
CVE-2025-68609 1 Palantir 1 Aries 2026-01-26 6.6 Medium
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.
CVE-2025-69060 1 Wordpress 1 Wordpress 2026-01-26 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through <= 1.3.3.
CVE-2025-69066 1 Wordpress 1 Wordpress 2026-01-26 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion.This issue affects Indoor Plants: from n/a through <= 1.2.7.
CVE-2025-69070 1 Wordpress 1 Wordpress 2026-01-26 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion.This issue affects Tornados: from n/a through <= 2.1.
CVE-2025-69075 1 Wordpress 1 Wordpress 2026-01-26 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion.This issue affects Yolox: from n/a through <= 1.0.15.
CVE-2025-9289 1 Tp-link 2 Omada Controller, Omada Software Controller 2026-01-26 N/A
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
CVE-2026-20883 1 Gitea 1 Gitea 2026-01-26 6.5 Medium
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
CVE-2025-69317 2 Scriptsbundle, Wordpress 2 Carspot, Wordpress 2026-01-26 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.
CVE-2026-22278 1 Dell 1 Powerscale Onefs 2026-01-26 8.1 High
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2026-22348 1 Wordpress 1 Wordpress 2026-01-26 N/A
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.
CVE-2026-22382 2 Mikado-themes, Wordpress 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress 2026-01-26 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVE-2026-22407 2 Mikado-themes, Wordpress 2 Roam, Wordpress 2026-01-26 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-23976 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-01-26 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.
CVE-2026-24365 2 Storeapps, Wordpress 2 Stock Manager For Woocommerce, Wordpress 2026-01-26 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.
CVE-2026-24366 2 Wordpress, Yithemes 2 Wordpress, Yith Woocommerce Request A Quote 2026-01-26 5.3 Medium
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
CVE-2026-24374 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-01-26 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.
CVE-2026-24381 1 Wordpress 1 Wordpress 2026-01-26 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
CVE-2025-70899 1 Phpgurukul 1 Online Course Registration 2026-01-26 6.5 Medium
PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.