CVE search

363,360 results
CVE ID | Severity | Title | EPSS
CVE-2026-11570 | MEDIUM | User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name | EPSS 0.1%
CVE-2026-11568 | HIGH | Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data | EPSS 0.3%
CVE-2026-11562 | MEDIUM | WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update | EPSS 0.2%
CVE-2026-10750 | HIGH | Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools | EPSS 0.3%
CVE-2025-15666 | MEDIUM | Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow | EPSS 0.1%
CVE-2026-1239 | HIGH | Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint | EPSS 0.3%
CVE-2026-11823 | HIGH | BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter | EPSS 0.3%
CVE-2026-14193 | HIGH | DVP80ES300T - Improper Validation of Array Index Vulnerability | EPSS 0.3%
CVE-2026-12579 | HIGH | AS228T - Authentication Bypass Vulnerability | EPSS 0.3%
CVE-2026-11380 | MEDIUM | JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting | EPSS 0.2%
CVE-2026-6070 | CRITICAL | WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter | EPSS 0.4%
CVE-2026-12127 | MEDIUM | WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name | EPSS 0.3%
CVE-2026-11988 | MEDIUM | LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter | EPSS 0.3%
CVE-2026-11981 | MEDIUM | GiveWP <= 4.15.3 - Cross-Site Request Forgery | EPSS 0.2%
CVE-2026-2387 | MEDIUM | Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode | EPSS 0.2%
CVE-2026-12113 | MEDIUM | Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure | EPSS 0.2%
CVE-2026-7517 | HIGH | Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter | EPSS 0.2%
CVE-2026-58519 | MEDIUM | Stored XSS through Cargo's map format | EPSS 0.3%
CVE-2026-58518 | MEDIUM | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request | EPSS 0.2%
CVE-2026-12135 | MEDIUM | FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode | EPSS 0.2%