Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37412 1 Blossomthemes 1 Blossom Shop 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Blossom Shop blossom-shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through <= 1.1.7.
CVE-2024-37243 2 Blossomthemes, Wordpress 2 Vandana, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vandana Lite vandana-lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through <= 1.1.9.
CVE-2024-37102 2 Blossomthemes, Wordpress 2 Vilva, Wordpress 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through <= 1.2.2.
CVE-2024-37098 1 Blossomthemes 1 Blossomthemes Email Newsletter 2026-01-07 4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.
CVE-2024-31429 2 Blossomthemes, Wordpress 2 Sarada, Wordpress 2026-01-07 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite.This issue affects Sarada Lite: from n/a through 1.1.2.
CVE-2022-37338 1 Blossomthemes 1 Blossom Recipe Maker 2025-02-20 4.1 Medium
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.
CVE-2024-2107 1 Blossomthemes 1 Blossom Spa 2025-01-22 5.8 Medium
The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.