Search

Expected end of text, found '.' (at char 42), (line:1, col:43)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (326505 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12514 1 Centreon 1 Centreon 2026-01-05 7.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CVE-2023-53779 2026-01-05 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-62078 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0.
CVE-2025-59130 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8.
CVE-2025-63014 2 Serhii Pasiuk, Wordpress 2 Gmedia Photo Gallery, Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1.
CVE-2025-62113 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.Fr allows Cross Site Request Forgery.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.77.
CVE-2025-63038 2 Northern Beaches Websites, Wordpress 2 Wp Custom Admin Interface, Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40.
CVE-2025-66155 2 Merkulove, Wordpress 2 Questionar For Elementor, Wordpress 2026-01-05 5.4 Medium
Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7.
CVE-2025-66160 2 Merkulove, Wordpress 2 Select Graphist For Elementor, Wordpress 2026-01-05 5.4 Medium
Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through 1.2.10.
CVE-2025-49355 1 Wordpress 1 Wordpress 2026-01-05 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS.This issue affects Accessibility Press: from n/a through 1.0.2.
CVE-2025-49352 3 Woocommerce, Wordpress, Yoohw Studio 3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce 2026-01-05 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10.
CVE-2025-62087 2 Web Builder 143, Wordpress 2 Sticky Notes For Wp Dashboard, Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through 1.2.4.
CVE-2025-62130 2 Wordpress, Wpdiscover 2 Wordpress, Accordion Slider Gallery 2026-01-05 4.3 Medium
Missing Authorization vulnerability in WPdiscover Accordion Slider Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through 2.7.
CVE-2025-23608 1 Wordpress 1 Wordpress 2026-01-05 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS.This issue affects LIVE TV: from n/a through 1.2.
CVE-2025-59138 1 Wordpress 1 Wordpress 2026-01-05 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6.
CVE-2025-49356 3 Mykola Lukin, Woocommerce, Wordpress 3 Orders Chat For Woocommerce, Woocommerce, Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0.
CVE-2025-62089 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0.
CVE-2025-62751 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24.
CVE-2025-63040 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.
CVE-2025-62099 1 Wordpress 1 Wordpress 2026-01-05 4.3 Medium
Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6.