CVE search

363,064 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-12113 | MEDIUM | Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure | 0.2% |
| CVE-2026-7517 | HIGH | Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter | 0.2% |
| CVE-2026-58519 | MEDIUM | Stored XSS through Cargo's map format | 0.3% |
| CVE-2026-58518 | MEDIUM | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request | 0.2% |
| CVE-2026-12135 | MEDIUM | FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode | 0.2% |
| CVE-2026-12090 | MEDIUM | Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter | 0.3% |
| CVE-2026-12923 | HIGH | Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter | 0.3% |
| CVE-2026-13015 | MEDIUM | WP Google Review Slider <= 18.1 - Reflected Cross-Site Scripting via 'place' Parameter | 0.2% |
| CVE-2026-12902 | MEDIUM | Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions | 0.3% |
| CVE-2026-12110 | MEDIUM | Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter | 0.3% |
| CVE-2026-13443 | MEDIUM | Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title | 0.2% |
| CVE-2026-13468 | HIGH | Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint | 0.4% |
| CVE-2026-9107 | MEDIUM | Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter | 0.2% |
| CVE-2026-12904 | MEDIUM | Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter | 0.3% |
| CVE-2026-13731 | HIGH | WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter | 0.2% |
| CVE-2026-13246 | MEDIUM | GiveWP <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'block_id' Shortcode Attribute | 0.2% |
| CVE-2026-12133 | MEDIUM | JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action | 0.3% |
| CVE-2026-7840 | CRITICAL | UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) | 1.2% |
| CVE-2026-7839 | CRITICAL | UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access | 0.3% |
| CVE-2026-7838 | HIGH | UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length | 1.2% |