Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-39511
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
CVE-2026-39441
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
CVE-2026-54806
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting maliciou
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap coo
CVE-2026-42386
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVE-2025-59554
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
CVE-2026-49770
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2024-44349
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting maliciou
Page 1+ Next →