Search

Expected end of text, found ':' (at char 26), (line:1, col:27)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347340 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-26000 1 Wordpress 1 Wordpress 2026-04-28 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1.
CVE-2023-25999 2026-04-28 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4.
CVE-2023-25998 2026-04-28 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n/a through 2.6.
CVE-2023-25997 2026-04-28 6.5 Medium
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
CVE-2023-25995 2026-04-28 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1.
CVE-2023-25994 1 Publish To Schedule Project 1 Publish To Schedule 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.
CVE-2023-25993 2 Webberzone, Wordpress 2 Top 10, Wordpress 2026-04-28 4.3 Medium
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2023-25990 1 Themeum 1 Tutor Lms 2026-04-28 7.1 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
CVE-2023-25988 2026-04-28 7.5 High
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVE-2023-25975 1 Etsy Shop Project 1 Etsy Shop 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.
CVE-2023-25966 1 Ninjateam 1 Filebird 2026-04-28 5.5 Medium
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.
CVE-2023-25959 2 Apollo13themes, Wordpress 2 Apollo13 Framework Extensions, Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.
CVE-2023-25800 1 Themeum 1 Tutor Lms 2026-04-28 8.1 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.
CVE-2023-25791 1 Wordpress 1 Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1.
CVE-2023-25714 1 Fullworksplugins 1 Quick Paypal Payments 2026-04-28 7.5 High
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
CVE-2023-25703 1 Essentialplugin 1 Meta Slider And Carousel With Lightbox 2026-04-28 5.3 Medium
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2.
CVE-2023-25700 1 Themeum 1 Tutor Lms 2026-04-28 8.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
CVE-2023-25486 1 Wordpress 1 Wordpress 2026-04-28 4.3 Medium
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7.
CVE-2023-25469 2 Magazine3, Wordpress 2 Easy Table Of Contents, Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.
CVE-2023-25455 1 Miniorange 1 Wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\) 2026-04-28 5.3 Medium
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.