Search

Expected end of text, found '.' (at char 14), (line:1, col:15)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (361450 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40799 2 Replywp, Wordpress 2 Simple Cloudfare Turnstile, Wordpress 2026-06-26 5.8 Medium
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVE-2026-42668 2 Omnisend, Wordpress 2 Email Marketing For Woocommerce, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
CVE-2026-42686 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 7.1 High
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-42687 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
CVE-2026-42743 2 Themegrill, Wordpress 2 Masteriyo, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
CVE-2026-45437 2 Brthumar1959, Wordpress 2 Product Filter Widget For Elementor, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.
CVE-2026-45441 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
CVE-2026-48878 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
CVE-2026-49043 2 Wordpress, Wpengine 2 Wordpress, Wp Migrate 2026-06-26 4.7 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
CVE-2026-49078 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
CVE-2026-49104 2 Crm Perks, Wordpress 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress 2026-06-26 9.8 Critical
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
CVE-2026-49109 2 Crmperks, Wordpress 2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress 2026-06-26 9.8 Critical
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
CVE-2026-49766 2 Wordpress, Wpusermanager 2 Wordpress, Wp User Manager 2026-06-26 9.9 Critical
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
CVE-2026-49770 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2026-06-26 9.8 Critical
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2026-49775 2 Welcart, Wordpress 2 Welcart E-commerce, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVE-2026-49776 2 John-dagelmore, Wordpress 2 Gptranslate – Multilingual Ai Translation For Wordpress: Automatically Translate Websites, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
CVE-2026-52703 2 Ninjateam, Wordpress 2 Fastdup, Wordpress 2026-06-26 9.6 Critical
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
CVE-2026-52714 2 Squirrly, Wordpress 2 Seo Plugin By Squirrly Seo, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-49772 2 Stellarwp, Wordpress 2 The Events Calendar, Wordpress 2026-06-26 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2.
CVE-2026-35318 2 Oracle, Orcacle 2 Webcenter Sites, Webcenter Sites 2026-06-26 8.8 High
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).