Dbd\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 6), (line:1, col:7)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (345027 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22464	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2026-04-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2026-22466	2 Chandnipatel, Wordpress	2 Wp Mapit, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3.
CVE-2026-22469	1 Wordpress	1 Wordpress	2026-04-16	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-22470	2 Firestorm Plugins, Wordpress	2 Firestorm Professional Real Estate, Wordpress	2026-04-16	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.
CVE-2026-22483	1 Wordpress	1 Wordpress	2026-04-16	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.
CVE-2026-23976	2 Wordpress, Wpchill	2 Wordpress, Modula Image Gallery	2026-04-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.
CVE-2026-24354	1 Wordpress	1 Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.
CVE-2026-24365	2 Storeapps, Wordpress	2 Stock Manager For Woocommerce, Wordpress	2026-04-16	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.
CVE-2026-24366	2 Wordpress, Yithemes	2 Wordpress, Yith Woocommerce Request A Quote	2026-04-16	5.3 Medium
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
CVE-2026-24368	1 Wordpress	1 Wordpress	2026-04-16	8.8 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-21264	1 Microsoft	2 Account, Micrososft Account	2026-04-16	9.3 Critical
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-24525	2 Cloudpanel, Wordpress	2 Clp Varnish Cache, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
CVE-2026-24538	2 Omnipressteam, Wordpress	2 Omnipress, Wordpress	2026-04-16	7.6 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.7.
CVE-2026-24544	2 Harmonicdesign, Wordpress	2 Hd Quiz, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
CVE-2026-24555	2 Artplacer, Wordpress	2 Artplacer Widget, Wordpress	2026-04-16	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.2.
CVE-2026-24558	1 Wordpress	1 Wordpress	2026-04-16	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.
CVE-2026-24559	2 Crm Perks, Wordpress	2 Integration For Contact Form 7 Hubspot, Wordpress	2026-04-16	5.4 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.
CVE-2026-24562	2 Ryviu, Wordpress	2 Product Reviews For Woocommerce, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26.
CVE-2019-25559	2 Nsasoft, Nsauditor	2 Spotpaltalk, Spotpaltalk	2026-04-16	5.5 Medium
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
CVE-2026-35580	2 Nationalsecurityagency, Nsa	2 Emissary, Emissary	2026-04-16	9.1 Critical
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to repository poisoning and supply chain compromise affecting all downstream users. This vulnerability is fixed in 8.39.0.

« first previous Page 15 of 17252. next last »