Search

Expected end of text, found '/' (at char 38), (line:1, col:39)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358659 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39597 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-69172 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
CVE-2025-69175 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2025-69135 2026-06-17 8.5 High
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2026-39576 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-22328 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-40756 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2025-60229 2026-06-17 9.8 Critical
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
CVE-2026-27869 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-06-17 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
CVE-2025-49403 2 Aa-team, Wordpress 2 Premium Age Verification Restriction For Wordpress, Wordpress 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2025-69128 2026-06-17 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
CVE-2025-69120 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
CVE-2025-69140 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-39523 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-54808 2026-06-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.
CVE-2026-40720 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
CVE-2026-49108 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
CVE-2026-54819 2026-06-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0.
CVE-2026-39546 2 Techspawn, Wordpress 2 Multiloca, Wordpress 2026-06-17 7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-54192 2 Ays-pro, Wordpress 2 Popup Box, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.