Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,101 - 2,120 of 40,173 CVEs

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them,...

Vendor: Unknown
Product: Adminify
Published: Jul 02, 2026
Source: NVD
CVE-2026-11600 MEDIUM - 4.3

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs (and Off Canvas) widget's template rendering in versions up to, and including, 1.4.26. The render() metho...

Vendor: envothemes
Product: Envo's Templates & Widgets for Elementor and WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-11592 MEDIUM - 4.3

The Email Subscribers & Newsletters โ€“ Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to p...

Vendor: icegram
Product: Email Subscribers & Newsletters โ€“ Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Published: Jul 02, 2026
Source: NVD

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires ...

Vendor: Unknown
Product: Fluent Forms
Published: Jul 02, 2026
Source: NVD
CVE-2026-10089 MEDIUM - 6.4

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the the_meta() function: while the custom field VALUE is sanitized with wp_kses_...

Vendor: figureone
Product: Insert Pages
Published: Jul 02, 2026
Source: NVD
CVE-2026-10077 MEDIUM - 6.8

The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any u...

Vendor: Unknown
Product: yootheme
Published: Jul 02, 2026
Source: NVD
CVE-2026-57278 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57277 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57276 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57275 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57274 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57273 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57272 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57271 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57270 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57269 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57268 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57267 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57266 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-57265 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD