Www\ CVEs and Security Vulnerabilities

Export limit exceeded: 347280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 24), (line:1, col:25)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347280 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39641	2 Skywarrior, Wordpress	2 Blackfyre, Wordpress	2026-04-29	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.
CVE-2026-39628	2 Kutethemes, Wordpress	2 Dukamarket, Wordpress	2026-04-29	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.
CVE-2026-39631	2 Ronik@unlimitedwp, Wordpress	2 Wpschoolpress, Wordpress	2026-04-29	4.9 Medium
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-39633	2 Themegoods, Wordpress	2 Grand Car Rental, Wordpress	2026-04-29	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.
CVE-2026-39627	2 Wordpress, Wproyal	2 Wordpress, Ashe	2026-04-29	4.3 Medium
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266.
CVE-2026-39626	2 Kutethemes, Wordpress	2 Armania, Wordpress	2026-04-29	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.
CVE-2026-39624	2 Kutethemes, Wordpress	2 Biolife, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
CVE-2026-39612	2 Kutethemes, Wordpress	2 Kuteshop, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39614	2 Ilghera, Wordpress	2 Jw Player For Wordpress, Wordpress	2026-04-29	5.4 Medium
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.
CVE-2026-39616	2 Dfactory, Wordpress	2 Download Attachments, Wordpress	2026-04-29	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.
CVE-2026-39609	2 Wava.co, Wordpress	2 Wava Payment, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
CVE-2026-39592	2 Andy Ha, Wordpress	2 Depart, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through <= 1.0.7.
CVE-2026-39605	2 Obadiah, Wordpress	2 Super Custom Login, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39585	2 Arraytics, Wordpress	2 Booktics, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.
CVE-2026-39563	2 Illid, Wordpress	2 Share This Image, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.
CVE-2026-39572	2 Mage-people, Wordpress	2 Bus Ticket Booking With Seat Reservation, Wordpress	2026-04-29	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.
CVE-2026-39602	2 Rustaurius, Wordpress	2 Order Tracking, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.
CVE-2026-39535	2 Fullworks, Wordpress	2 Display Eventbrite Events, Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through <= 6.5.6.
CVE-2026-39566	2 Designinvento, Wordpress	2 Directorypress, Wordpress	2026-04-29	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-39565	2 Magepeople, Wordpress	2 Wptravelly, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7.

« first previous Page 36 of 17364. next last »