Gitlab\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 6), (line:1, col:7)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346611 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27413	2 Cozmoslabs, Wordpress	2 Profile Builder, Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro profile-builder-pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through < 3.14.0.
CVE-2026-27397	2 Really-simple-plugins, Wordpress	2 Really Simple Security, Wordpress	2026-04-23	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro really-simple-ssl-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through <= 9.5.4.0.
CVE-2026-27367	2 Themegoods, Wordpress	2 Musico, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through < 3.4.5.
CVE-2026-27362	2 Kamleshyadav, Wordpress	2 Wp Bakery Autoresponder Addon, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.
CVE-2026-27352	2 Themegoods, Wordpress	2 Starto, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through < 2.2.5.
CVE-2026-27096	2 Buddhathemes, Wordpress	2 Colorfolio - Freelance Designer Wordpress Theme, Wordpress	2026-04-23	8.1 High
Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme colorfolio allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through <= 1.3.
CVE-2026-27093	2 Ovatheme, Wordpress	2 Tripgo, Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6.
CVE-2026-27091	2 Uipress, Wordpress	2 Uipress Lite, Wordpress	2026-04-23	6.3 Medium
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
CVE-2026-27070	2 Wordpress, Wpeverest	2 Wordpress, Everest Forms	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro everest-forms-pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through <= 1.9.12.
CVE-2026-27067	2 Syarif, Wordpress	2 Mobile App Editor, Wordpress	2026-04-23	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1.
CVE-2026-27065	2 Thimpress, Wordpress	2 Builderpress, Wordpress	2026-04-23	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1.
CVE-2026-25471	2 Themepaste, Wordpress	2 Admin Safety Guard, Wordpress	2026-04-23	8.1 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.7.
CVE-2026-25449	2 Shinetheme, Wordpress	2 Traveler, Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1.
CVE-2026-25445	2 Membershipsoftware, Wordpress	2 Wishlist Member X, Wordpress	2026-04-23	8.8 High
Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X wishlist-member-x allows Object Injection.This issue affects WishList Member X: from n/a through <= 3.29.0.
CVE-2026-25443	2 Dotstore, Wordpress	2 Fraud Prevention For Woocommerce, Wordpress	2026-04-23	7.5 High
Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3.
CVE-2026-25442	2 Qantumthemes, Wordpress	2 Kentha, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through <= 4.7.2.
CVE-2026-25438	2 Themehunk, Wordpress	2 Gutenberg Blocks, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through <= 1.2.8.
CVE-2026-25387	2 Elementor, Wordpress	2 Image Optimizer By Elementor, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through <= 1.7.1.
CVE-2026-25370	2 Aresit, Wordpress	2 Wp Compress, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.
CVE-2026-25369	2 Flexmls, Wordpress	2 Flexmls Idx, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Reflected XSS.This issue affects Flexmls® IDX: from n/a through <= 3.15.9.

« first previous Page 113 of 17331. next last »