Search

Expected end of text, found '–' (at char 33), (line:1, col:34)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (334251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69403 2026-02-20 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.1.9.
CVE-2025-69401 2026-02-20 N/A
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.
CVE-2025-69398 2026-02-20 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <= 1.7.
CVE-2025-69391 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8.
CVE-2025-69390 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2.
CVE-2025-69389 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6.
CVE-2025-69384 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through <= 3.2.
CVE-2025-69381 2026-02-20 N/A
Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0.
CVE-2025-69380 2026-02-20 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
CVE-2025-69377 2026-02-20 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
CVE-2025-69375 2026-02-20 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5.
CVE-2025-69374 2026-02-20 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through <= 2.0.3.
CVE-2025-69373 2026-02-20 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7.
CVE-2025-69370 2026-02-20 N/A
Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5.
CVE-2025-69330 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1.
CVE-2025-69328 2026-02-20 N/A
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9.
CVE-2025-69326 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69324 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69323 2026-02-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.
CVE-2025-69322 2026-02-20 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9.