Solstice\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 27), (line:1, col:28)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347013 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62746	2 Codeflavors, Wordpress	2 Featured Video For Wordpress & Videographywp, Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress – VideographyWP videographywp allows Stored XSS.This issue affects Featured Video for WordPress – VideographyWP: from n/a through <= 1.0.18.
CVE-2026-20078	1 Cisco	1 Unity Connection	2026-04-28	6.5 Medium
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
CVE-2025-62116	1 Wordpress	1 Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
CVE-2025-62092	2 Wiremo, Wordpress	2 Wiremo, Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
CVE-2025-62081	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-62085	2 Bertha, Wordpress	2 Bertha Ai, Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-62080	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-62079	1 Wordpress	1 Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
CVE-2025-62023	2 S2member, Wordpress	2 S2member, Wordpress	2026-04-28	9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.
CVE-2025-60189	3 Polopag, Woocommerce, Wordpress	3 Polopag, Woocommerce, Wordpress	2026-04-28	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9.
CVE-2025-60177	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha – wp: from n/a through <= 0.2.6.
CVE-2025-60171	3 Woocommerce, Wordpress, Yourplugins	3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through <= 1.2.10.
CVE-2025-60156	2 Webandprintdesign, Wordpress	2 Ar For Wordpress, Wordpress	2026-04-28	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34.
CVE-2025-60143	2 Netgsm, Wordpress	2 Netgsm, Wordpress	2026-04-28	4.3 Medium
Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.69.
CVE-2025-60130	1 Wordpress	1 Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WEDOS Global: from n/a through <= 1.2.2.
CVE-2025-60078	1 Wordpress	1 Wordpress	2026-04-28	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through <= 3.0.2.
CVE-2025-58982	2 Pixeline, Wordpress	2 Email Protector, Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector pixelines-email-protector allows Stored XSS.This issue affects Pixeline's Email Protector: from n/a through <= 1.3.8.
CVE-2025-58965	2 Agency Dominion, Wordpress	2 Fusion Page Builder, Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows Stored XSS.This issue affects Fusion Page Builder : Extension – Gallery: from n/a through <= 1.7.6.
CVE-2025-58887			2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder \| andré martin - it solutions & research UG Course Booking Platform course-booking-platform allows Stored XSS.This issue affects Course Booking Platform: from n/a through <= 1.0.0.
CVE-2025-58825	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS.This issue affects Comment Form WP – Customize Default Comment Form: from n/a through <= 2.0.1.

« first previous Page 54 of 17351. next last »