Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44457 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-28558 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 6.4 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the browsers of any user who views the attacker's profile page.
CVE-2026-28560 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbitrary script in all visitors' browsers.
CVE-2026-28561 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event handlers that execute when any user views the forum listing.
CVE-2026-28037 2 Ashanjay, Wordpress 2 Eventon, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through <= 4.9.12.
CVE-2026-28042 2 Astoundify, Wordpress 2 Listify, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through <= 3.2.5.
CVE-2026-28072 2 Pixfort, Wordpress 2 Pixfort Core, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Core pixfort-core allows Reflected XSS.This issue affects pixfort Core: from n/a through <= 3.2.22.
CVE-2026-28075 2 P-themes, Wordpress 2 Porto, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through <= 7.6.2.
CVE-2026-28099 2 Lambertgroup, Wordpress 2 Uberslider Ultra, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through <= 2.3.
CVE-2026-28100 2 Lambertgroup, Wordpress 2 Uberslider Perpetuummobile, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlider_perpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through <= 2.3.
CVE-2026-28101 2 Lambertgroup, Wordpress 2 Uberslider Mouseinteraction, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider MouseInteraction uberSlider_mouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through <= 2.3.
CVE-2026-28102 2 Lambertgroup, Wordpress 2 Uberslider Classic, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Classic uberSlider_classic allows Reflected XSS.This issue affects UberSlider Classic: from n/a through <= 2.5.
CVE-2026-28103 2 Lambertgroup, Wordpress 2 Lbg Zoominoutslider, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows Reflected XSS.This issue affects LBG Zoominoutslider: from n/a through <= 5.4.5.
CVE-2026-28108 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Banner With Thumbnails, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a through <= 3.8.
CVE-2026-28109 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Content Slider, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XSS.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8.
CVE-2026-28110 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Banner With Playlist, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8.
CVE-2026-28112 2 Lambertgroup, Wordpress 2 Allinone - Banner Rotator, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8.
CVE-2026-28113 2 Azzaroco, Wordpress 2 Ultimate Learning Pro, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.1.
CVE-2026-28122 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.
CVE-2026-28127 2 E-plugins, Wordpress 2 Lawyer Directory, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through <= 1.3.2.
CVE-2026-28130 2 Andondesign, Wordpress 2 Udesign, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= 4.14.0.