Search

Expected end of text, found '.' (at char 17), (line:1, col:18)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (315359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58955 2025-10-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through < 2.6.
CVE-2025-49948 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.
CVE-2025-49950 2025-10-22 N/A
Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.2.5.
CVE-2025-49954 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through <= 0.7.3.
CVE-2025-49960 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7.
CVE-2025-52734 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.
CVE-2025-52736 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through <= 2.20.0.
CVE-2025-52738 2025-10-22 N/A
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-52742 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Benic Pets pets allows Reflected XSS.This issue affects Pets: from n/a through <= 1.4.1.
CVE-2025-52750 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through <= 0.83b.
CVE-2025-52755 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS.This issue affects Child Themes: from n/a through <= 1.0.1.
CVE-2025-52756 2025-10-22 N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.
CVE-2025-52758 2025-10-22 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy zippy allows Using Malicious Files.This issue affects Zippy: from n/a through <= 1.7.0.
CVE-2025-53218 2025-10-22 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.5.
CVE-2025-53229 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav RockON DJ rockon allows Reflected XSS.This issue affects RockON DJ: from n/a through <= 3.3.
CVE-2025-53232 2025-10-22 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
CVE-2025-53352 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Grid Plus grid-plus allows Reflected XSS.This issue affects Grid Plus: from n/a through <= 3.3.
CVE-2025-53420 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8.
CVE-2025-58971 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7.
CVE-2025-59006 2025-10-22 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through <= 1.0.2.