Search

Expected end of text, found ':' (at char 6), (line:1, col:7)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (317560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48330 1 Wordpress 1 Wordpress 2025-11-10 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48290 2 Bslthemes, Wordpress 2 Kinsley, Wordpress 2025-11-10 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.
CVE-2025-48089 2 Rainbow-themes, Wordpress 2 Education Wordpress Theme, Wordpress 2025-11-10 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.
CVE-2025-48086 2 Wordpress, Wp-dreams 2 Wordpress, Ajax Search 2025-11-10 9.8 Critical
Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.
CVE-2025-48085 2 Wordpress, Zipang 2 Wordpress, Simple Stripe 2025-11-10 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17.
CVE-2025-48083 1 Wordpress 1 Wordpress 2025-11-10 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5.
CVE-2025-48078 1 Wordpress 1 Wordpress 2025-11-10 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3.
CVE-2025-48077 1 Wordpress 1 Wordpress 2025-11-10 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0.
CVE-2025-47932 2025-11-10 8.8 High
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack.
CVE-2025-47588 2 Acowebs, Wordpress 2 Dynamic Pricing With Discount Rules For Woocommerce, Wordpress 2025-11-10 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.9.
CVE-2025-39468 1 Wordpress 1 Wordpress 2025-11-10 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.
CVE-2025-39467 2 Mikado-themes, Wordpress 2 Wanderland, Wordpress 2025-11-10 9.8 Critical
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
CVE-2025-39466 2 Mikado-themes, Wordpress 2 Dor, Wordpress 2025-11-10 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.
CVE-2025-39465 2 Flippercode, Wordpress 2 Advanced Google Maps, Wordpress 2025-11-10 8.1 High
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4.
CVE-2025-39463 1 Wordpress 1 Wordpress 2025-11-10 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.
CVE-2025-33150 1 Ibm 1 Cognos Analytics 2025-11-10 5.3 Medium
IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages.
CVE-2025-32222 1 Wordpress 1 Wordpress 2025-11-10 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.
CVE-2025-31029 1 Wordpress 1 Wordpress 2025-11-10 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.
CVE-2025-27916 1 Anydesk 1 Anydesk 2025-11-10 7.5 High
An issue was discovered in AnyDesk through 9.0.4. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.
CVE-2025-12727 2025-11-10 N/A
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)