\ CVEs and Security Vulnerabilities

Export limit exceeded: 346842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 28), (line:1, col:29)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346842 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68572	2 Spider-themes, Wordpress	2 Bbp Core, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.
CVE-2025-68571	2 Salesmanago, Wordpress	2 Salesmanago, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0.
CVE-2025-68570	1 Wordpress	1 Wordpress	2026-04-27	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.
CVE-2025-68569	2 Codepeople, Wordpress	2 Wp Time Slots Booking Form, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.
CVE-2025-68567	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2026-04-27	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2025-68565	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
CVE-2025-68564	2 Sendy, Wordpress	2 Sendy, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.
CVE-2025-68545	2 Thembay, Wordpress	2 Nika, Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
CVE-2025-68540	1 Wordpress	1 Wordpress	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
CVE-2025-68535	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
CVE-2025-68530	1 Wordpress	1 Wordpress	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory allows PHP Local File Inclusion.This issue affects Bookory: from n/a through <= 2.2.7.
CVE-2025-68529	2 Rhys Wynne, Wordpress	2 Wp Email Capture, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.
CVE-2025-68523	2 Spiffyplugins, Wordpress	2 Spiffy Calendar, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
CVE-2025-68522	2 Wordpress, Wpstream	2 Wordpress, Wpstream	2026-04-27	4.3 Medium
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
CVE-2025-68521	2 Wordpress, Wpstream	2 Wordpress, Wpstream	2026-04-27	5.3 Medium
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
CVE-2025-68519	2 Berocket, Wordpress	2 Brands For Woocommerce, Wordpress	2026-04-27	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.
CVE-2025-68517	2 Essekia, Wordpress	2 Tablesome Table, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.
CVE-2025-68516	2 Essekia, Wordpress	2 Tablesome Table, Wordpress	2026-04-27	5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.
CVE-2025-68511	2 Jegstudio, Wordpress	2 Gutenverse, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.
CVE-2025-68506	1 Wordpress	1 Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.

« first previous Page 37 of 17343. next last »