Search Results (359003 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12461 1 Google 1 Chrome 2026-06-17 6.5 Medium
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2025-69139 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-06-17 8.6 High
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
CVE-2025-69141 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69142 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.
CVE-2025-69143 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mission <= 1.22 versions.
CVE-2025-69146 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Dom <= 1.24 versions.
CVE-2026-7850 2026-06-17 5.9 Medium
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.
CVE-2025-69147 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Putter <= 1.17 versions.
CVE-2025-69149 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.
CVE-2025-69150 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.
CVE-2025-69151 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2026-8089 2026-06-17 7.1 High
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
CVE-2025-69159 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
CVE-2025-69160 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
CVE-2025-69162 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
CVE-2026-8383 2026-06-17 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoints behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request.
CVE-2025-69163 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
CVE-2025-69165 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
CVE-2025-69167 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
CVE-2026-9570 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-17 7.1 High
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.