Search

Expected end of text, found ':' (at char 22), (line:1, col:23)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (338342 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32597 1 Jpadilla 1 Pyjwt 2026-03-16 7.5 High
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 ยง4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
CVE-2026-32458 2 Realmag777, Wordpress 2 Wolf, Wordpress 2026-03-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
CVE-2026-32454 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-03-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32443 2 Josh Kohlbach, Wordpress 2 Product Feed Pro For Woocommerce, Wordpress 2026-03-16 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
CVE-2026-3999 1 Pointsharp 1 Id Server 2026-03-16 N/A
A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.
CVE-2026-32746 1 Gnu 1 Inetutils 2026-03-16 9.8 Critical
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-32386 2 Envothemes, Wordpress 2 Envo Extra, Wordpress 2026-03-16 5.4 Medium
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.13.
CVE-2026-32397 2 Wordpress, Ymc-22 2 Wordpress, Filter & Grids 2026-03-16 5.3 Medium
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.
CVE-2026-32400 2 Themetechmount, Wordpress 2 Boldman, Wordpress 2026-03-16 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
CVE-2026-32404 2 Studio99, Wordpress 2 Studio99 Wp Monitor, Wordpress 2026-03-16 5.3 Medium
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.
CVE-2026-32451 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-03-16 6.3 Medium
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.
CVE-2026-32486 2 Wordpress, Wptravelengine 2 Wordpress, Travel Booking 2026-03-16 5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.
CVE-2026-32336 2 Rarathemes, Wordpress 2 Rara Business, Wordpress 2026-03-16 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0.
CVE-2026-32342 2 Ays-pro, Wordpress 2 Quiz Maker, Wordpress 2026-03-16 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
CVE-2026-32348 2 Madrasthemes, Wordpress 2 Mas Videos, Wordpress 2026-03-16 5.3 Medium
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
CVE-2026-32355 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-03-16 8.8 High
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.
CVE-2026-32356 2 Robosoft, Wordpress 2 Robo Gallery, Wordpress 2026-03-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2.
CVE-2026-32372 2 Radiustheme, Wordpress 2 Shopbuilder โ€“ Elementor Woocommerce Builder Addons, Wordpress 2026-03-16 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder โ€“ Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder โ€“ Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.
CVE-2026-32359 2 Bplugins, Wordpress 2 Icon List Block, Wordpress 2026-03-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.
CVE-2026-32378 2 Rarathemes, Wordpress 2 Book Landing Page, Wordpress 2026-03-16 5.3 Medium
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7.