Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (327781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-28354 2025-04-29 6.5 Medium
An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.
CVE-2025-39404 2025-04-29 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73.
CVE-2025-39391 2025-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce allows PHP Local File Inclusion. This issue affects Checkout Field Visibility for WooCommerce: from n/a through 1.2.3.
CVE-2025-39390 2025-04-29 5.3 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.
CVE-2025-39387 2025-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Opstore allows PHP Local File Inclusion. This issue affects Opstore: from n/a through 1.4.5.
CVE-2025-39384 2025-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay allows PHP Local File Inclusion. This issue affects Product Lister for eBay: from n/a through 2.0.9.
CVE-2025-39383 2025-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web Xews Lite allows PHP Local File Inclusion. This issue affects Xews Lite: from n/a through 1.0.9.
CVE-2025-39382 2025-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1.
CVE-2025-39360 2025-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5.
CVE-2025-46498 2025-04-29 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.
CVE-2025-46479 2025-04-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2.
CVE-2025-46275 2025-04-29 9.8 Critical
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials.
CVE-2025-2185 2025-04-29 8 High
ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.
CVE-2025-46536 2025-04-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07.
CVE-2025-46533 2025-04-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8.
CVE-2025-46525 2025-04-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in msmitley WP Cookie Consent allows Stored XSS. This issue affects WP Cookie Consent: from n/a through 1.0.
CVE-2025-46519 2025-04-29 4.3 Medium
Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Downloader: from n/a through 1.3.1.
CVE-2025-46489 2025-04-29 5.3 Medium
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1.
CVE-2025-46478 2025-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content allows Stored XSS. This issue affects Dropdown Content: from n/a through 1.0.2.
CVE-2025-46473 2025-04-29 7.2 High
Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.