Search

Expected end of text, found '.' (at char 31), (line:1, col:32)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25451 2 Bold-themes, Wordpress 2 Bold Page Builder, Wordpress 2026-04-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9.
CVE-2026-25453 2 Mdempfle, Wordpress 2 Advanced Iframe, Wordpress 2026-04-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.
CVE-2026-25473 2 Aa-team, Wordpress 2 Wzone, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27052 2 Villatheme, Wordpress 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress 2026-04-16 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through < 1.1.9.
CVE-2026-27055 2 Pencidesign, Wordpress 2 Penci Ai Smartcontent Creator, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-27074 2 Vaakash, Wordpress 2 Shortcoder, Wordpress 2026-04-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through <= 6.5.1.
CVE-2026-26336 1 Hyland 3 Alfresco Community, Alfresco Content Services, Alfresco Enterprise 2026-04-16 7.5 High
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
CVE-2026-27327 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail – Woocommerce Email Customizer 2026-04-16 4.3 Medium
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
CVE-2026-27343 2 Vankarwai, Wordpress 2 Airtifact, Wordpress 2026-04-16 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
CVE-2026-27368 2 Seedprod, Wordpress 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-27387 2 Designinvento, Wordpress 2 Directorypress, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-27440 2 Saadiqbal, Wordpress 2 Mycred, Wordpress 2026-04-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
CVE-2026-22341 2 Case-themes, Wordpress 2 Booked, Wordpress 2026-04-16 5.4 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0.
CVE-2026-22344 2 Mikado-themes, Wordpress 2 Fivestar, Wordpress 2026-04-16 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7.
CVE-2026-22346 2 A Wp Life, Wordpress 2 Slider Responsive Slideshow – Image Slider, Gallery Slideshow, Wordpress 2026-04-16 8.8 High
Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through <= 1.5.4.
CVE-2026-22351 2 Marcus (aka @msykes), Wordpress 2 Wp Fullcalendar, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
CVE-2026-22352 2 Persianscript, Wordpress 2 Persian Woocommerce Sms, Wordpress 2026-04-16 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.1.1.
CVE-2026-22367 2 Ancorathemes, Wordpress 2 Coworking, Wordpress 2026-04-16 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through <= 1.6.1.
CVE-2026-22369 2 Ancorathemes, Wordpress 2 Ironfit, Wordpress 2026-04-16 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through <= 1.5.
CVE-2026-22370 2 Axiomthemes, Wordpress 2 Marveland, Wordpress 2026-04-16 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0.