Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54198 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVE-2026-54191 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
CVE-2026-39437 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.
CVE-2026-10093 2026-06-16 6.4 Medium
The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-48838 2 Wordpress, Wpexperts 2 Wordpress, Post Smtp 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
CVE-2026-48870 2 Kingaddons, Wordpress 2 King Addons For Elementor, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
CVE-2025-48700 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra 2026-06-16 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
CVE-2026-39451 2 Jgwhite33, Wordpress 2 Wp Google Review Slider, Wordpress 2026-06-16 6.3 Medium
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
CVE-2026-40732 2 Rainafarai, Wordpress 2 Notification For Telegram, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVE-2026-40770 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
CVE-2026-40787 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40791 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-41556 2 Properfraction, Wordpress 2 Profilepress, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42663 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 6.5 Medium
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-42688 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42775 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-23970 2 Themeisle, Wordpress 2 Redirection For Contact Form 7, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
CVE-2026-34900 2 Liquid Web / Stellarwp, Wordpress 2 Givewp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
CVE-2026-39435 2 Bgermann, Wordpress 2 Cformsii, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.