Search

Expected end of text, found ',' (at char 45), (line:1, col:46)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-39562 1 Codepeople 1 Payment Form For Paypal Pro 2026-04-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through <= 1.1.72.
CVE-2025-49454 2026-04-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0.
CVE-2025-49919 2 Wordpress, Wpcenter 2 Wordpress, Eroom 2026-04-29 5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
CVE-2025-47438 1 Wpjobportal 1 Wp Job Portal 2026-04-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1.
CVE-2025-47618 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2.
CVE-2025-49437 1 Wordpress 1 Wordpress 2026-04-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL Rotation: from n/a through <= 1.0.
CVE-2025-47646 2026-04-29 9.8 Critical
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.
CVE-2025-39449 2026-04-29 7.5 High
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVE-2025-39447 1 Crocoblock 1 Jetelements For Elementor 2026-04-29 7.5 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2025-32275 1 Ays-pro 1 Survey Maker 2026-04-29 4.3 Medium
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3.
CVE-2025-32545 2026-04-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS.This issue affects WooCommerce Products without featured images: from n/a through <= 0.1.
CVE-2025-32227 2 Asgaros, Wordpress 2 Asgaros Forum, Wordpress 2026-04-29 4.3 Medium
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0.
CVE-2025-39358 1 Wordpress 1 Wordpress 2026-04-29 8.8 High
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
CVE-2025-39391 2026-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-for-woocommerce allows PHP Local File Inclusion.This issue affects Checkout Field Visibility for WooCommerce: from n/a through <= 1.3.0.
CVE-2025-32128 1 Wordpress 1 Wordpress 2026-04-29 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection.This issue affects Nearby Locations: from n/a through <= 1.1.1.
CVE-2025-32223 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-04-29 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
CVE-2025-30841 1 Wordpress 1 Wordpress 2026-04-29 9.9 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through <= 2.8.8.
CVE-2025-32689 2 Themesgrove, Wordpress 2 Wp Smartpay, Wordpress 2026-04-29 7.5 High
Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through <= 2.8.2.
CVE-2025-32491 1 Wordpress 1 Wordpress 2026-04-29 9.8 Critical
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4.
CVE-2025-32205 2026-04-29 2.7 Low
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30.