\ CVEs and Security Vulnerabilities

Export limit exceeded: 344621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 29), (line:1, col:30)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344621 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39488	2 Surecart, Wordpress	2 Surecart, Wordpress	2026-04-14	6.3 Medium
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.
CVE-2026-39496	2 Wordpress, Yaycommerce	2 Wordpress, Yaymail	2026-04-14	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.
CVE-2026-39500	2 Themesflat, Wordpress	2 Themesflat Addons For Elementor, Wordpress	2026-04-14	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.
CVE-2026-39504	2 Instawp, Wordpress	2 Instawp Connect, Wordpress	2026-04-14	5.4 Medium
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
CVE-2026-39506	2 Jordy Meow, Wordpress	2 Ai-engine, Wordpress	2026-04-14	4.3 Medium
Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a through < 3.4.2.
CVE-2026-39509	2 Wordpress, Wpwax	2 Wordpress, Directorist	2026-04-14	5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-39510	2 Wordpress, Wpchill	2 Wordpress, Image Photo Gallery Final Tiles Grid	2026-04-14	2.7 Low
Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11.
CVE-2026-39520	2 Wedevs, Wordpress	2 Wedocs, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.
CVE-2026-39521	2 Nelio Software, Wordpress	2 Nelio Content, Wordpress	2026-04-14	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.
CVE-2026-39535	2 Fullworks, Wordpress	2 Display Eventbrite Events, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through <= 6.5.6.
CVE-2026-39536	2 Wordpress, Wpchill	2 Wordpress, Rsvp And Event Management	2026-04-14	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
CVE-2026-39562	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.
CVE-2026-39571	2 Themefic, Wordpress	2 Instantio, Wordpress	2026-04-14	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
CVE-2026-39585	2 Arraytics, Wordpress	2 Booktics, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.
CVE-2026-39586	2 Ateeq Rafeeq, Wordpress	2 Repairbuddy, Wordpress	2026-04-14	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.
CVE-2026-39588	2 Nmerii, Wordpress	2 Nm Gift Registry And Wishlist Lite, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
CVE-2026-39602	2 Rustaurius, Wordpress	2 Order Tracking, Wordpress	2026-04-14	N/A
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.
CVE-2026-39604	2 Wordpress, Zookatron	2 Wordpress, Mybooktable Bookstore	2026-04-14	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39606	2 Foysal Imran, Wordpress	2 Bizreview, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.
CVE-2026-39608	2 Ipospays, Wordpress	2 Ipospays Gateways Wc, Wordpress	2026-04-14	5.3 Medium
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.

« first previous Page 28 of 17232. next last »