Export limit exceeded: 84326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (84326 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-39478 2026-06-16 8.8 High
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
CVE-2026-39533 2026-06-16 7.5 High
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
CVE-2026-39587 2026-06-16 8.1 High
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
CVE-2026-40779 2026-06-16 7.7 High
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
CVE-2026-42664 2026-06-16 8.2 High
Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.
CVE-2026-48868 2026-06-16 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
CVE-2026-48876 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
CVE-2026-39490 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-52711 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
CVE-2026-39581 2 Activity-log.com, Wordpress 2 Wp Sessions Time Monitoring Full Automatic, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-52714 2026-06-16 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-48885 2 Groundhogg, Wordpress 2 Hollerbox, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-48882 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
CVE-2026-49056 2 Webtoffee, Wordpress 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVE-2026-49068 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.5 High
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49083 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-06-16 7.5 High
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2016-20075 2 Etoilewebdesign, Wordpress 2 Ultimate Product Catalog, Wordpress 2026-06-16 8.8 High
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
CVE-2026-48964 2 Elextensions, Wordpress 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVE-2026-48970 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-06-16 8.1 High
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.