Search

Expected end of text, found 'ón' (at char 33), (line:1, col:34)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (358171 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-41556 2 Properfraction, Wordpress 2 Profilepress, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-42386 2 Tychesoftwares, Wordpress 2 Order Delivery Date For Woocommerce, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVE-2026-42639 2 Dev4press, Wordpress 2 Gd Rating System, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2025-24252 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-16 8.8 High
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
CVE-2026-42663 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 6.5 Medium
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-42667 2 Bookly, Wordpress 2 Bookly, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
CVE-2026-42688 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2025-32975 1 Quest 1 Kace Systems Management Appliance 2026-06-16 10 Critical
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
CVE-2026-42775 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-23970 2 Themeisle, Wordpress 2 Redirection For Contact Form 7, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
CVE-2026-25440 2 Wordpress, Wpdeveloper 2 Wordpress, Essential Addons For Elementor 2026-06-16 5.3 Medium
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
CVE-2026-27333 2 Videowhisper.com, Wordpress 2 Paid Videochat Turnkey Site, Wordpress 2026-06-16 8.1 High
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.
CVE-2026-34892 2 Rank Math Seo, Wordpress 2 Rank Math Seo, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2026-34900 2 Liquid Web / Stellarwp, Wordpress 2 Givewp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
CVE-2026-39434 2 Webappick, Wordpress 2 Ctx Feed, Wordpress 2026-06-16 7.2 High
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
CVE-2026-39435 2 Bgermann, Wordpress 2 Cformsii, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
CVE-2026-39447 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
CVE-2026-39449 2 Itpathsolutions, Wordpress 2 Contact Form To Any Api, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
CVE-2026-39463 2 Managewp, Wordpress 2 Managewp Worker, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.