CVE search
361,771 resultsCVE-2026-11783MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKUEPSS 0.2%CVE-2026-9242MEDIUMRegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN RequestEPSS 0.2%CVE-2026-11987MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' ParameterEPSS 0.3%CVE-2026-9677MEDIUMShariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-10820HIGHProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOREPSS 0.1%CVE-2026-12404MEDIUMNEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport ClassEPSS 0.3%CVE-2026-13245MEDIUMMaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' ParameterEPSS 0.2%CVE-2026-12415CRITICALInvoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' ParameterEPSS 0.7%CVE-2025-59868MEDIUMHCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposureEPSS 0.1%CVE-2026-13422MEDIUMHD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX HandlersEPSS 0.2%CVE-2026-11356MEDIUMIvory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' SettingsEPSS 0.3%CVE-2026-13333MEDIUMGroundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' ParameterEPSS 0.3%CVE-2026-13335MEDIUMCodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post MetaEPSS 0.2%CVE-2026-13331MEDIUMGroundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' ParameterEPSS 0.3%CVE-2023-37524HIGHHCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of serviceEPSS 0.1%CVE-2026-56414HIGHH.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous TypeEPSS 0.4%CVE-2026-55975HIGHH.VIEW HV-500S6 IP Camera OS Command InjectionEPSS 0.7%CVE-2026-31928CRITICALDaktronics Controller Firmware Use of Hard-coded CredentialsEPSS 0.4%CVE-2026-33560HIGHDaktronics Controller Firmware Unrestricted Upload of File with Dangerous TypeEPSS 0.3%CVE-2026-28701CRITICALDaktronics Controller Firmware Path TraversalEPSS 0.8%