Search

Expected end of text, found ':' (at char 23), (line:1, col:24)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329521 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30406 2 Juniper, Juniper Networks 13 Acx5448, Acx5448-d, Acx5448-m and 10 more 2026-01-23 5.5 Medium
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.  This issue does not affect releases before 23.1R1-EVO.
CVE-2026-24354 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.
CVE-2025-69187 2 E-plugins, Wordpress 2 Final User, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2026-22396 2 Mikado-themes, Wordpress 2 Fiorello, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.
CVE-2026-22461 2 Webappick, Wordpress 2 Ctx Feed, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
CVE-2026-24353 2 Wordpress, Wpeverest 2 Wordpress, User Registration 2026-01-23 N/A
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
CVE-2026-22347 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through <= 3.3.2.
CVE-2026-22348 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.
CVE-2025-69313 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-01-23 N/A
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2026-22382 2 Mikado-themes, Wordpress 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVE-2026-24381 1 Wordpress 1 Wordpress 2026-01-23 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
CVE-2025-69312 2 Wordpress, Xpro 2 Wordpress, Xpro Elementor Addons 2026-01-23 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.
CVE-2026-22404 2 Mikado-themes, Wordpress 2 Innovio, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
CVE-2026-22458 2 Mikado-themes, Wordpress 2 Wanderland, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.
CVE-2026-24368 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2025-69293 2 E-plugins, Wordpress 2 Final User, Wordpress 2026-01-23 N/A
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69192 2 E-plugins, Wordpress 2 Real Estate Pro, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.
CVE-2026-22450 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.
CVE-2026-24383 2 Bplugins, Wordpress 2 B Slider, Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.
CVE-2025-69311 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.