Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (317295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49900 1 Wordpress 1 Wordpress 2025-11-06 N/A
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.
CVE-2025-62066 1 Wordpress 1 Wordpress 2025-11-06 7.4 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8.
CVE-2025-58619 1 Wordpress 1 Wordpress 2025-11-06 N/A
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.
CVE-2025-60240 1 Wordpress 1 Wordpress 2025-11-06 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.
CVE-2025-53324 1 Wordpress 1 Wordpress 2025-11-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7.
CVE-2025-62031 2 Tagdiv, Wordpress 2 Composer, Wordpress 2025-11-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.
CVE-2025-62059 1 Wordpress 1 Wordpress 2025-11-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank.This issue affects SureRank: from n/a through <= 1.3.2.
CVE-2025-49393 2 Fetchdesigns, Wordpress 2 Sign-up Sheets, Wordpress 2025-11-06 N/A
Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2.
CVE-2025-48077 1 Wordpress 1 Wordpress 2025-11-06 N/A
Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0.
CVE-2025-58638 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2025-11-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3.
CVE-2025-63307 1 Alexusmai 1 Laravel-file-manager 2025-11-06 8.1 High
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.
CVE-2025-53573 1 Wordpress 1 Wordpress 2025-11-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme Epic Review epic-review allows Reflected XSS.This issue affects Epic Review: from n/a through <= 1.0.2.
CVE-2025-60192 2 Premmerce, Wordpress 2 Wholesale Pricing For Woocommerce, Wordpress 2025-11-06 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-49372 1 Wordpress 1 Wordpress 2025-11-06 N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.
CVE-2025-62075 1 Wordpress 1 Wordpress 2025-11-06 7.3 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.
CVE-2025-62038 1 Wordpress 1 Wordpress 2025-11-06 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through <= 1.23.9.
CVE-2025-39463 1 Wordpress 1 Wordpress 2025-11-06 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.
CVE-2025-60203 1 Wordpress 1 Wordpress 2025-11-06 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through <= 2.7.6.
CVE-2025-48083 1 Wordpress 1 Wordpress 2025-11-06 N/A
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5.
CVE-2025-53242 1 Wordpress 1 Wordpress 2025-11-06 N/A
Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1.