Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (78871 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27271 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables Import/Export: from n/a through <= 1.0.1.
CVE-2025-27269 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affects .htaccess Login block: from n/a through <= 0.9a.
CVE-2025-27267 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3.
CVE-2025-27264 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through <= 1.0.0.
CVE-2025-27263 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows SQL Injection.This issue affects Doctor Appointment Booking: from n/a through <= 1.0.0.
CVE-2025-27015 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion.This issue affects Hostiko: from n/a through < 30.1.
CVE-2025-27014 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1.
CVE-2025-27012 1 Wordpress 1 Wordpress 2026-04-23 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5.
CVE-2025-27011 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows PHP Local File Inclusion.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8.
CVE-2025-27010 2026-04-23 8.1 High
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.
CVE-2025-27009 2026-04-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2025-27005 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5.
CVE-2025-27004 2 Lambertgroup, Wordpress 2 Famous-responsive Image And Video Grid Gallery Wordpress Plugin, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4.
CVE-2025-27002 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
CVE-2025-26999 1 Metagauss 1 Profilegrid 2026-04-23 8.8 High
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3.
CVE-2025-26997 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through <= 1.0.11.
CVE-2025-26994 1 Softdiscover 1 Zigaform 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS.This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through <= 7.4.2.
CVE-2025-26993 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Reflected XSS.This issue affects Atarim: from n/a through <= 4.1.0.
CVE-2025-26992 2 Fatcatapps, Wordpress 2 Landing Page Cat, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8.
CVE-2025-26991 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza wppizza allows Reflected XSS.This issue affects WPPizza: from n/a through <= 3.19.4.