Search

Expected end of text, found '.' (at char 29), (line:1, col:30)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341233 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21533 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-03-30 7.8 High
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2025-69096 2 G5theme, Wordpress 2 Zorka, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through <= 1.5.7.
CVE-2026-22480 2 Webtoffee, Wordpress 2 Product Feed For Woocommerce, Wordpress 2026-03-30 7.2 High
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.
CVE-2026-22485 2 Ruhul080, Wordpress 2 My Album Gallery, Wordpress 2026-03-30 6.5 Medium
Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through <= 1.0.4.
CVE-2026-22491 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.35.
CVE-2026-22494 2 Themerex, Wordpress 2 Good Homes, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13.
CVE-2026-22498 2 Elated-themes, Wordpress 2 Laurent, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-22500 2 Axiomthemes, Wordpress 2 M2 | Construction And Tools Store, Wordpress 2026-03-30 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2.
CVE-2026-22503 2 Themerex, Wordpress 2 Nelson, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0.
CVE-2026-22504 2 Themerex, Wordpress 2 Prolingua, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12.
CVE-2026-22505 2 Ancorathemes, Wordpress 2 Morning Records, Wordpress 2026-03-30 8.1 High
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2.
CVE-2026-22506 2 Elated-themes, Wordpress 2 Amoli, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0.
CVE-2026-22507 2 Ancorathemes, Wordpress 2 Beelove, Wordpress 2026-03-30 9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6.
CVE-2026-22512 2 Elated-themes, Wordpress 2 Roisin, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1.
CVE-2026-22516 2 Ancorathemes, Wordpress 2 Wizor's, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-22524 2 Themepassion, Wordpress 2 Legacy Admin, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS.This issue affects Legacy Admin: from n/a through <= 9.5.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-03-30 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-23807 2 Wordpress, Wpsocio 2 Wordpress, Wp Telegram Widget And Join Link 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.
CVE-2026-23973 2 Uxper, Wordpress 2 Golo, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23977 2 Wordpress, Wpfactory 2 Wordpress, Helpdesk Support Ticket System For Woocommerce 2026-03-30 7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.