Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69032 3 Mikado-themes, Qodeinteractive, Wordpress 3 Fivestar, Fivestar, Wordpress 2026-01-29 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
CVE-2025-69030 3 Mikado-themes, Qodeinteractive, Wordpress 3 Backpack Traveler, Backpack Traveler, Wordpress 2026-01-29 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
CVE-2020-16194 1 Store-opart 1 Op\'art Devis 2026-01-27 5.3 Medium
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
CVE-2026-1213 1 Askbot 1 Askbot 2026-01-27 N/A
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.
CVE-2026-22411 2 Mikado-themes, Wordpress 2 Dolcino, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.
CVE-2026-22409 2 Mikado-themes, Wordpress 2 Justicia, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22407 2 Mikado-themes, Wordpress 2 Roam, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-22406 2 Mikado-themes, Wordpress 2 Overton, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22391 2 Mikado-themes, Wordpress 2 Cocco, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.
CVE-2026-22404 2 Mikado-themes, Wordpress 2 Innovio, Wordpress 2026-01-27 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
CVE-2025-14459 1 Redhat 1 Container Native Virtualization 2026-01-27 8.5 High
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.
CVE-2025-9520 1 Tp-link 1 Omada Controller 2026-01-27 N/A
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
CVE-2025-47555 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-01-26 8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
CVE-2026-22400 2 Mikado-themes, Wordpress 2 Holmes, Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.
CVE-2026-22398 2 Mikado-themes, Wordpress 2 Fleur, Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.
CVE-2026-22396 2 Mikado-themes, Wordpress 2 Fiorello, Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.
CVE-2026-22393 2 Mikado-themes, Wordpress 2 Curly, Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.
CVE-2026-22430 2 Mikado-themes, Wordpress 2 Verdure, Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-22426 1 Wordpress 1 Wordpress 2026-01-26 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-24379 2 Wordpress, Wpjobportal 2 Wordpress, Wp Job Portal 2026-01-26 9.1 Critical
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.