Search

Expected end of text, found '.' (at char 24), (line:1, col:25)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49979 2026-04-01 N/A
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.1.
CVE-2025-49978 2026-04-01 N/A
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through < 3.0.6.
CVE-2025-49977 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <= 2.3.4.
CVE-2025-49976 2026-04-01 N/A
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.
CVE-2025-49975 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.0.
CVE-2025-49974 2026-04-01 N/A
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through <= 2.1.1.
CVE-2025-49973 2026-04-01 N/A
Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through <= 1.0.10.
CVE-2025-49972 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy tm-replace-howdy allows Cross Site Request Forgery.This issue affects TM Replace Howdy: from n/a through <= 1.4.2.
CVE-2025-49971 2026-04-01 N/A
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
CVE-2025-49970 2026-04-01 N/A
Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6.
CVE-2025-49969 2026-04-01 N/A
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.
CVE-2025-49968 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a through <= 2.0.
CVE-2025-49967 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: from n/a through <= 2.1.
CVE-2025-49966 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site Request Forgery.This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through <= 1.0.
CVE-2025-49965 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine pixelbeds-channel-manager-booking-engine allows Cross Site Request Forgery.This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through <= 1.0.
CVE-2025-49964 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink cliplink allows Cross Site Request Forgery.This issue affects ClipLink: from n/a through <= 1.1.
CVE-2025-49894 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49893 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Nuss nuss allows Reflected XSS.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49892 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3.
CVE-2025-49891 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3.