CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 81100 of 16855 results
«« First « Prev Page 5 / 843 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-27850 Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. 5.4 0.37% 2022-04-15 2026-06-17
CVE-2022-27851 Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. 5.4 0.37% 2022-04-15 2026-06-17
CVE-2022-27852 Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. 6.1 0.66% 2022-04-15 2026-06-17
CVE-2022-23975 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. 6.5 0.47% 2022-04-18 2026-06-17
CVE-2022-23976 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). 8.1 0.47% 2022-04-18 2026-06-17
CVE-2022-27853 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 4.8 0.50% 2022-04-18 2026-06-17
CVE-2022-27862 Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. 9.8 1.64% 2022-04-19 2026-06-17
CVE-2022-27863 Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. 5.3 1.05% 2022-04-19 2026-06-17
CVE-2022-29417 Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 4.3 0.58% 2022-04-25 2026-06-17
CVE-2022-29418 Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 4.8 0.50% 2022-04-25 2026-06-17
CVE-2022-29419 SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. 6.0 0.80% 2022-04-25 2026-06-17
CVE-2021-36867 Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 5.4 0.53% 2022-04-26 2026-06-16
CVE-2021-36895 Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 4.7 0.70% 2022-04-26 2026-06-16
CVE-2022-27854 Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 5.4 0.54% 2022-04-26 2026-06-17
CVE-2022-27860 Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. 6.1 0.36% 2022-04-28 2026-06-17
CVE-2022-29415 Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. 6.1 0.70% 2022-04-28 2026-06-17
CVE-2022-29410 Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 7.4 0.86% 2022-04-28 2026-06-17
CVE-2022-29411 SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 8.3 1.02% 2022-04-28 2026-06-17
CVE-2022-29412 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 5.4 0.39% 2022-04-28 2026-06-17
CVE-2022-29413 Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. 4.7 0.36% 2022-04-28 2026-06-17
«« First « Prev Page 5 / 843 Next »
cvelogic Threat Intelligence