Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11703 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26911 2 Bowo, Wordpress 2 System Dashboard, Wordpress 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects System Dashboard: from n/a through <= 2.8.18.
CVE-2025-26908 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör kargo-entegrator allows SQL Injection.This issue affects Kargo Entegratör: from n/a through <= 1.1.14.
CVE-2025-26904 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gal_op WP Responsive Auto Fit Text wp-responsive-slab-text allows DOM-Based XSS.This issue affects WP Responsive Auto Fit Text: from n/a through <= 0.2.
CVE-2025-26898 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
CVE-2025-26893 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS.This issue affects Easy Charts: from n/a through <= 1.2.3.
CVE-2025-26889 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This issue affects hockeydata LOS: from n/a through <= 1.2.4.
CVE-2025-26885 1 Wordpress 1 Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through <= 1.5.1.
CVE-2025-26880 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through <= 2.3.
CVE-2025-26873 1 Wordpress 1 Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
CVE-2025-26870 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through <= 3.6.4.1.
CVE-2025-26774 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups easy-popups allows Reflected XSS.This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through <= 1.5.0.
CVE-2025-26762 2 Automattic, Wordpress 2 Woocommerce, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through <= 9.7.0.
CVE-2025-26760 2 Wordpress, Wow-company 2 Wordpress, Calculator-builder 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This issue affects Calculator Builder: from n/a through <= 1.6.2.
CVE-2025-26756 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic the Gathering Card Tooltips: from n/a through <= 3.5.0.
CVE-2025-26753 2 Videowhisper, Wordpress 2 Videowhisper Live Streaming Integration, Wordpress 2026-04-01 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
CVE-2025-26752 2 Videowhisper, Wordpress 2 Videowhisper Live Streaming Integration, Wordpress 2026-04-01 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
CVE-2025-26748 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.
CVE-2025-26746 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through <= 1.2.8.
CVE-2025-26744 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through <= 2.4.3.
CVE-2025-26743 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through <= 1.0.10.