CVE search

363,055 results
CVE-2025-15666 | MEDIUM | Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow | EPSS 0.1%
CVE-2026-1239 | HIGH | Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint | EPSS 0.3%
CVE-2026-11823 | HIGH | BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter | EPSS 0.3%
CVE-2026-14193 | HIGH | DVP80ES300T - Improper Validation of Array Index Vulnerability | EPSS 0.3%
CVE-2026-12579 | HIGH | AS228T - Authentication Bypass Vulnerability | EPSS 0.3%
CVE-2026-11380 | MEDIUM | JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting | EPSS 0.2%
CVE-2026-6070 | CRITICAL | WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter | EPSS 0.4%
CVE-2026-12127 | MEDIUM | WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name | EPSS 0.3%
CVE-2026-11988 | MEDIUM | LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter | EPSS 0.3%
CVE-2026-11981 | MEDIUM | GiveWP <= 4.15.3 - Cross-Site Request Forgery | EPSS 0.2%
CVE-2026-2387 | MEDIUM | Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode | EPSS 0.2%
CVE-2026-12113 | MEDIUM | Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure | EPSS 0.2%
CVE-2026-7517 | HIGH | Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter | EPSS 0.2%
CVE-2026-58519 | MEDIUM | Stored XSS through Cargo's map format | EPSS 0.3%
CVE-2026-58518 | MEDIUM | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request | EPSS 0.2%
CVE-2026-12135 | MEDIUM | FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode | EPSS 0.2%
CVE-2026-12090 | MEDIUM | Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter | EPSS 0.3%
CVE-2026-12923 | HIGH | Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter | EPSS 0.3%
CVE-2026-13015 | MEDIUM | WP Google Review Slider <= 18.1 - Reflected Cross-Site Scripting via 'place' Parameter | EPSS 0.2%
CVE-2026-12902 | MEDIUM | Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions | EPSS 0.3%