CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 16961 results
«« First « Prev Page 2 / 849 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2023-23825 Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. 3.1 0.53% 2024-12-09 2026-06-17
CVE-2023-22676 Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12. 3.1 0.44% 2023-12-29 2026-06-17
CVE-2022-47163 Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. 3.1 0.25% 2023-03-14 2026-06-17
CVE-2022-29454 Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. 3.1 0.25% 2022-07-20 2026-06-17
CVE-2025-66062 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28. 3.4 0.17% 2025-11-21 2026-06-17
CVE-2024-22308 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. 3.4 0.28% 2024-01-24 2026-06-17
CVE-2022-45082 Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. 3.4 0.40% 2022-11-18 2026-06-17
CVE-2022-40215 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. 3.4 0.41% 2022-09-23 2026-06-17
CVE-2022-38703 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress 3.4 0.41% 2022-09-23 2026-06-17
CVE-2022-37328 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. 3.4 0.43% 2022-09-23 2026-06-17
CVE-2022-36343 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. 3.4 0.45% 2022-08-01 2026-06-17
CVE-2022-30536 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. 3.4 0.59% 2022-07-21 2026-06-17
CVE-2022-29452 Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. 3.4 0.48% 2022-06-15 2026-06-17
CVE-2022-29432 Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. 3.4 0.49% 2022-05-20 2026-06-17
CVE-2022-27856 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. 3.4 0.38% 2023-05-10 2026-06-17
CVE-2022-27848 Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 3.4 0.53% 2022-04-14 2026-06-17
CVE-2022-25618 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 3.4 0.53% 2022-04-04 2026-06-17
CVE-2022-25610 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. 3.4 0.69% 2022-03-25 2026-06-17
CVE-2021-36910 Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. 3.4 0.56% 2022-04-11 2026-06-16
CVE-2021-36889 Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). 3.4 0.56% 2021-12-20 2026-06-16
«« First « Prev Page 2 / 849 Next »
cvelogic Threat Intelligence