Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (76324 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-63019 1 Wordpress 1 Wordpress 2026-01-26 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <= 2.34.
CVE-2025-63018 1 Wordpress 1 Wordpress 2026-01-26 8.8 High
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.
CVE-2025-62106 2 Mario Peshev, Wordpress 2 Wp-crm-system, Wordpress 2026-01-26 8.8 High
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
CVE-2025-5805 2 Ninetheme, Wordpress 2 Electron, Wordpress 2026-01-26 8.8 High
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.
CVE-2025-54002 1 Wordpress 1 Wordpress 2026-01-26 8.8 High
Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.
CVE-2025-50007 1 Wordpress 1 Wordpress 2026-01-26 8.8 High
Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.
CVE-2025-49375 1 Wordpress 1 Wordpress 2026-01-26 8.8 High
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.
CVE-2025-47555 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-01-26 8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
CVE-2025-31413 2 Bdthemes, Wordpress 2 Element Pack Elementor Addons, Wordpress 2026-01-26 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.
CVE-2025-56108 1 Ruijie 11 Rg-eap602, Rg-eap602 Firmware, Rg-est310 and 8 more 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2026-22401 1 Wordpress 1 Wordpress 2026-01-26 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.
CVE-2025-69293 2 E-plugins, Wordpress 2 Final User, Wordpress 2026-01-26 8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69292 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-01-26 8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69193 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-01-26 7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69192 2 E-plugins, Wordpress 2 Real Estate Pro, Wordpress 2026-01-26 7.3 High
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.
CVE-2025-69191 1 Wordpress 1 Wordpress 2026-01-26 7.3 High
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.
CVE-2026-24390 3 Elementor, Qantumthemes, Wordpress 3 Elementor, Kentha Elementor Widgets, Wordpress 2026-01-26 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
CVE-2025-13928 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.
CVE-2025-13927 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.
CVE-2026-22230 2 Opexus, Opexustech 2 Ecase Audit, Ecase Audit 2026-01-26 7.6 High
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.