CVEs (1,463, showing first 500)
Showing 26–50 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-5085 | MEDIUM | | 5.5 | 2026-06-02 | The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insuffi… |
| CVE-2026-1450 | MEDIUM | | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input … |
| CVE-2026-1451 | MEDIUM | | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input san… |
| CVE-2026-1784 | HIGH | | 8.8 | 2026-06-02 | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML sta… |
| CVE-2026-2382 | MEDIUM | | 6.4 | 2026-06-02 | The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up… |
| CVE-2026-2425 | MEDIUM | | 6.1 | 2026-06-02 | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1… |
| CVE-2026-3514 | HIGH | Patched | 7.5 | 2026-06-02 | In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifica… |
| CVE-2026-3620 | MEDIUM | | 4.4 | 2026-06-02 | The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due t… |
| CVE-2026-4071 | MEDIUM | | 4.3 | 2026-06-02 | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the bi… |
| CVE-2026-4080 | MEDIUM | | 6.4 | 2026-06-02 | The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insu… |
| CVE-2026-4081 | MEDIUM | | 6.4 | 2026-06-02 | The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficien… |
| CVE-2026-8422 | MEDIUM | | 4.3 | 2026-06-02 | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or i… |
| CVE-2026-8885 | MEDIUM | | 6.4 | 2026-06-02 | The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, … |
| CVE-2026-9234 | MEDIUM | | 4.3 | 2026-06-02 | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability che… |
| CVE-2026-9599 | MEDIUM | | 4.3 | 2026-06-02 | The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce vali… |
| CVE-2026-9722 | MEDIUM | | 4.3 | 2026-06-02 | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce valid… |
| CVE-2026-9723 | MEDIUM | | 4.3 | 2026-06-02 | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect… |
| CVE-2026-9730 | MEDIUM | | 4.3 | 2026-06-02 | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or inco… |
| CVE-2025-52759 | HIGH | | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects … |
| CVE-2025-52766 | MEDIUM | | 6.5 | 2026-06-02 | Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printee… |
| CVE-2025-53209 | CRITICAL | | 9.8 | 2026-06-02 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. |
| CVE-2025-53302 | MEDIUM | | 5.3 | 2026-06-02 | Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a… |
| CVE-2025-53345 | HIGH | | 8.8 | 2026-06-02 | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a t… |
| CVE-2025-53346 | MEDIUM | | 4.3 | 2026-06-02 | Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a … |
| CVE-2026-10549 | NONE | | — | 2026-06-02 | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting i… |