CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329632 CVEs found)

CVE	Updated	CVSS v3.1
CVE-2025-52789	2025-06-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress allows Stored XSS. This issue affects Lewe ChordPress: from n/a through 3.9.7.
CVE-2025-52783	2025-06-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0.
CVE-2025-52782	2025-06-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0.
CVE-2025-52733	2025-06-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through 1.7.
CVE-2025-50050	2025-06-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12.
CVE-2025-50033	2025-06-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Fitness Park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through 1.1.1.
CVE-2025-49993	2025-06-23	5.3 Medium
Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.
CVE-2025-49990	2025-06-23	5.3 Medium
Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4.
CVE-2025-49984	2025-06-23	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11.
CVE-2025-49966	2025-06-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.
CVE-2025-49997	2025-06-23	5.3 Medium
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.
CVE-2025-49987	2025-06-23	5.3 Medium
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.
CVE-2025-52794	2025-06-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form allows Stored XSS. This issue affects Creative Contact Form: from n/a through 1.0.0.
CVE-2025-52781	2025-06-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.
CVE-2025-52780	2025-06-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through 0.5.
CVE-2025-52715	2025-06-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.
CVE-2025-50013	2025-06-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1.
CVE-2025-49995	2025-06-23	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1.
CVE-2025-50036	2025-06-23	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv allows Cross Site Request Forgery. This issue affects Mailing Group Listserv: from n/a through 3.0.5.
CVE-2025-50018	2025-06-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium allows Stored XSS. This issue affects Tealium: from n/a through 2.1.17.

« first previous Page 2890 of 16482. next last »