Search

Expected end of text, found '.' (at char 14), (line:1, col:15)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (311367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58256 1 Wordpress 1 Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Brinley DOAJ Export allows Stored XSS. This issue affects DOAJ Export: from n/a through 1.0.4.
CVE-2025-58255 1 Wordpress 1 Wordpress 2025-09-23 9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection. This issue affects Custom Post Type Images: from n/a through 0.5.
CVE-2025-58254 3 Dtbaker, Elementor, Wordpress 3 Stylepress, Elementor, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor allows Stored XSS. This issue affects StylePress for Elementor: from n/a through 1.2.1.
CVE-2025-58253 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager allows DOM-Based XSS. This issue affects Real Estate Manager: from n/a through 7.3.
CVE-2025-58252 1 Wordpress 1 Wordpress 2025-09-23 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through 2.1.2.
CVE-2024-41794 1 Siemens 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware 2025-09-23 10 Critical
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).
CVE-2025-58251 3 Elementor, Posimyth, Wordpress 3 Elementor, Sticky Header Effects, Wordpress 2025-09-23 4.3 Medium
Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header Effects for Elementor: from n/a through 2.1.2.
CVE-2025-58250 2 Apustheme, Wordpress 2 Findgo, Wordpress 2025-09-23 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Authentication Bypass. This issue affects Findgo: from n/a through 1.3.55.
CVE-2025-58249 2 Themeum, Wordpress 2 Qubely, Wordpress 2025-09-23 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14.
CVE-2025-58248 2 Codefish, Wordpress 2 Pinterest Pinboard Widget, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codefish Pinterest Pinboard Widget allows Stored XSS. This issue affects Pinterest Pinboard Widget: from n/a through 1.0.7.
CVE-2025-58247 2 Templateinvaders, Wordpress 2 Ti Woocommerce Wishlist, Wordpress 2025-09-23 5.3 Medium
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.
CVE-2025-58245 2 Bestweblayout, Wordpress 2 Portfolio, Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58.
CVE-2025-58244 1 Wordpress 1 Wordpress 2025-09-23 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9.
CVE-2025-58242 2 Vadim Bogaiskov, Wordpress 2 Bg Church Memos, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vadim Bogaiskov Bg Church Memos allows DOM-Based XSS. This issue affects Bg Church Memos: from n/a through 1.1.
CVE-2025-58241 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snapwidget SnapWidget Social Photo Feed Widget allows DOM-Based XSS. This issue affects SnapWidget Social Photo Feed Widget: from n/a through 1.1.0.
CVE-2025-58240 2 Wordpress, Xiligroup 2 Wordpress, Xili-tidy-tags 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Stored XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06.
CVE-2025-58239 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandrika Sista WP Category Dropdown allows Stored XSS. This issue affects WP Category Dropdown: from n/a through 1.9.
CVE-2025-58238 2 Ontraport, Wordpress 2 Pilotpress, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress allows Stored XSS. This issue affects PilotPress: from n/a through 2.0.35.
CVE-2025-58237 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard allows Stored XSS. This issue affects LC Wizard: from n/a through 1.3.0.
CVE-2025-58236 1 Wordpress 1 Wordpress 2025-09-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations allows Cross Site Request Forgery. This issue affects Force Update Translations: from n/a through 0.5.