CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-57426
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.

Jul 2, 2026
CVE-2026-57366
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 2.3.1 versions.

Jul 2, 2026
CVE-2026-57362
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 versions.

Jul 2, 2026
CVE-2026-57361
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions.

Jul 2, 2026
CVE-2026-57360
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.

Jul 2, 2026
CVE-2026-57359
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.

Jul 2, 2026
CVE-2026-57358
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions.

Jul 2, 2026
CVE-2026-57357
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions.

Jul 2, 2026
CVE-2026-57356
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce Wishlist <= 1.9.19 versions.

Jul 2, 2026
CVE-2026-57355
6.5 MEDIUM

Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.

Jul 2, 2026
CVE-2026-57354
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.

Jul 2, 2026
CVE-2026-57353
6.5 MEDIUM

Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.

Jul 2, 2026
CVE-2026-57352
4.8 MEDIUM

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

Jul 2, 2026
CVE-2026-57351
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.

Jul 2, 2026
CVE-2026-57350
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.

Jul 2, 2026
CVE-2026-57349
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.

Jul 2, 2026
CVE-2026-57348
7.2 HIGH

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

Jul 2, 2026
CVE-2026-57347
6.5 MEDIUM

Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.

Jul 2, 2026
CVE-2026-57345
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.

Jul 2, 2026
CVE-2026-57344
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.

Jul 2, 2026
CVE-2026-57343
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.

Jul 2, 2026
CVE-2026-57342
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Jul 2, 2026
CVE-2026-56037
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

Jul 2, 2026
CVE-2026-49779
6.5 MEDIUM

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

Jul 2, 2026
CVE-2026-42382
8.1 HIGH

Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.

Jul 2, 2026
CVE-2026-39448
7.5 HIGH

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

Jul 2, 2026
CVE-2026-27436
9.1 CRITICAL

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Jul 2, 2026
CVE-2026-27433
6.5 MEDIUM

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

Jul 2, 2026
CVE-2026-27430
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.

Jul 2, 2026
CVE-2026-27426
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Jul 2, 2026
CVE-2026-27425
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

Jul 2, 2026
CVE-2026-27419
9.9 CRITICAL

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Jul 2, 2026
CVE-2026-27414
8.8 HIGH

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

Jul 2, 2026
CVE-2026-27412
8.1 HIGH

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

Jul 2, 2026
CVE-2026-27408
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.

Jul 2, 2026
CVE-2026-27404
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

Jul 2, 2026
CVE-2026-27402
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.

Jul 2, 2026
CVE-2026-27060
8.8 HIGH

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

Jul 2, 2026
CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Jul 2, 2026
CVE-2026-11946
7.5 HIGH

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. …

Jul 2, 2026
CVE-2025-69156
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

Jul 2, 2026
CVE-2025-69155
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.

Jul 2, 2026
CVE-2025-69154
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Jul 2, 2026
CVE-2025-69153
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

Jul 2, 2026
CVE-2025-69152
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

Jul 2, 2026
CVE-2025-69134
7.5 HIGH

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

Jul 2, 2026
CVE-2025-69133
7.5 HIGH

Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

Jul 2, 2026
CVE-2025-69132
6.5 MEDIUM

Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.

Jul 2, 2026
CVE-2025-69094
8.5 HIGH

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

Jul 2, 2026
CVE-2025-66076
5.3 MEDIUM

Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.

Jul 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.