Auditor Website Project CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 6), (line:1, col:7)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329871 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24572	1 Wordpress	1 Wordpress	2026-01-26	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0.
CVE-2026-0775	1 Npm	1 Npm	2026-01-26	7.0 High
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.
CVE-2026-24585	3 Hyyan Abo Fakher, Woocommerce, Wordpress	3 Hyyan Woocommerce Polylang Integration, Woocommerce, Wordpress	2026-01-26	6.5 Medium
Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.
CVE-2026-24587	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.
CVE-2026-24588	1 Wordpress	1 Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.
CVE-2026-24589	2 Cargus Ecommerce, Wordpress	2 Cargus, Wordpress	2026-01-26	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.
CVE-2026-24591	2 Wordpress, Yasir129	2 Wordpress, Turn Yoast Seo Faq Block To Accordion	2026-01-26	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.
CVE-2026-24593	2 Strategy11, Wordpress	2 Awp Classifieds, Wordpress	2026-01-26	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
CVE-2026-24595	2 Wordpress, Zohocorp	2 Wordpress, Zoho Crm Lead Magnet	2026-01-26	5.4 Medium
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5.
CVE-2026-24599	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-01-26	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2026-24601	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.
CVE-2026-24603	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
CVE-2026-24604	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
CVE-2026-24605	2 Pencilwp, Wordpress	2 X Addons For Elementor, Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
CVE-2026-24606	3 Web Impian, Woocommerce, Wordpress	3 Bayarcash Woo Commerce, Woocommerce, Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.11.
CVE-2026-24607	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
CVE-2026-24609	1 Wordpress	1 Wordpress	2026-01-26	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-24612	2 Themebeez, Wordpress	2 Orchid Store, Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
CVE-2026-24613	2 Lightspeedhq, Wordpress	2 Ecwid Ecommerce Shopping Cart, Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.
CVE-2026-24614	1 Wordpress	1 Wordpress	2026-01-26	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.8.

« first previous Page 95 of 16494. next last »