Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,946
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,401 - 8,420 of 13,819 CVEs
CVE-2026-32491 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through <= 13.9.

Vendor: jgwhite33
Product: WP Review Slider
Published: Mar 25, 2026
Source: NVD
CVE-2026-32490 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripAdvisor Review Slider wp-tripadvisor-review-slider allows Stored XSS. This issue affects WP TripAdvisor Review Slider: from n/a through <= 14.1.

Vendor: jgwhite33
Product: WP TripAdvisor Review Slider
Published: Mar 25, 2026
Source: NVD
CVE-2026-32489 MEDIUM - 6.5

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Blocks: from n/a through < 2.0.30.

Vendor: bPlugins
Product: B Blocks
Published: Mar 25, 2026
Source: NVD
CVE-2026-32483 MEDIUM - 6.5

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form Email: from n/a through <= 1.3.63.

Vendor: codepeople
Product: Contact Form Email
Published: Mar 25, 2026
Source: NVD
CVE-2026-31914 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS. This issue affects WP Courses LMS: from n/a through <= 3.2.26.

Vendor: hookandhook
Product: WP Courses LMS
Published: Mar 25, 2026
Source: NVD
CVE-2026-2973 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2745 MEDIUM - 6.8

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent i...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2726 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-r...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-29092 MEDIUM - 4.9

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally e...

Vendor: kiteworks
Product: Kiteworks Email Protection Gateway
Published: Mar 25, 2026
Source: NVD
CVE-2026-27659 MEDIUM - 4.6

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into changing access control policy active ...

Vendor: Mattermost
Product: Mattermost
Published: Mar 25, 2026
Source: NVD
CVE-2026-27656 MEDIUM - 5.7

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID `IsSameUser()` comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching...

Vendor: Mattermost
Product: Mattermost
Published: Mar 25, 2026
Source: NVD
CVE-2026-27046 MEDIUM - 6.5

Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StoreCustomizer: from n/a through <= 2.6.3.

Vendor: Kaira
Product: StoreCustomizer
Published: Mar 25, 2026
Source: NVD
CVE-2026-26233 MEDIUM - 4.3

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single packet attack with 100+ parallel login req...

Vendor: Mattermost
Product: Mattermost
Published: Mar 25, 2026
Source: NVD
CVE-2026-25645 MEDIUM - 4.4

Requests is a HTTP library. Prior to version 2.33.0, the function `requests.utils.extract_zipped_paths()` (which is used by `HTTPAdapter.cert_verify()` to load the CA bundle, often from the `certifi` package's zipapp structure) uses a predictable, non-unique filename (the basename of the file, ...

Vendor: psf
Product: requests
Published: Mar 25, 2026
Source: NVD
CVE-2026-25469 MEDIUM - 6.5

Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53.

Vendor: ViaBill for WooCommerce
Product: ViaBill – WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25465 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS. This issue affects CP Multi View Event Calendar: from n/a through <= 1.4.35.

Vendor: codepeople
Product: CP Multi View Event Calendar
Published: Mar 25, 2026
Source: NVD
CVE-2026-25462 MEDIUM - 6.5

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects avalex: from n/a through <= 3.1.3.

Vendor: avalex
Product: avalex
Published: Mar 25, 2026
Source: NVD
CVE-2026-25460 MEDIUM - 6.3

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ave Core: from n/a through <= 2.9.1.

Vendor: LiquidThemes
Product: Ave Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-25455 MEDIUM - 6.5

Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.

Vendor: PickPlugins
Product: Product Slider for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25454 MEDIUM - 6.5

Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The League: from n/a through <= 4.4.1.

Vendor: MVPThemes
Product: The League
Published: Mar 25, 2026
Source: NVD