Search

Expected end of text, found '.' (at char 16), (line:1, col:17)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347095 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47646 2026-04-28 N/A
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.
CVE-2025-47620 1 Wordpress 1 Wordpress 2026-04-28 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Martins Free Monetized Ad Exchange Network: from n/a through <= 1.0.6.
CVE-2025-47619 2026-04-28 6.5 Medium
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
CVE-2025-47529 2026-04-28 6.5 Medium
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through <= 1.1.1.
CVE-2025-46454 2026-04-28 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through <= 0.8.
CVE-2025-39583 2026-04-28 7.1 High
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2.
CVE-2025-39373 2026-04-28 5.3 Medium
Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16.
CVE-2025-32616 2026-04-28 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.
CVE-2025-32553 2 Magnigenie, Wordpress 2 Restropress, Wordpress 2026-04-28 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.
CVE-2025-32276 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02.
CVE-2025-32257 2026-04-28 5.3 Medium
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7.
CVE-2025-32246 1 Wordpress 1 Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3.
CVE-2025-32220 1 Salonbookingsystem 1 Salon Booking System 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon booking system: from n/a through <= 10.30.23.
CVE-2025-32187 2026-04-28 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quý Lê 91 Administrator Z administrator-z allows DOM-Based XSS.This issue affects Administrator Z: from n/a through <= 2026.03.02.
CVE-2025-32183 2026-04-28 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube video-playlist-for-youtube allows Stored XSS.This issue affects Video Playlist For YouTube: from n/a through <= 6.7.1.
CVE-2025-32178 1 Wordpress 1 Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
CVE-2025-31875 2026-04-28 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through <= 6.0.1.
CVE-2025-31836 1 Wordpress 1 Wordpress 2026-04-28 5.3 Medium
Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0.
CVE-2025-31808 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1.
CVE-2025-31635 2026-04-28 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER: from n/a through <= 2.6.