Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,743
Showing 10,781 - 10,800 of 14,604 CVEs
CVE-2026-26997 MEDIUM - 5.4

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store an XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue.

Vendor: MacWarrior
Product: clipbucket-v5
Published: Feb 27, 2026
Source: NVD
CVE-2026-27758 MEDIUM - 4.3

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuratio...

Vendor: Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product: SODOLA SL902-SWTGW124AS
Published: Feb 27, 2026
Source: NVD
CVE-2026-27756 MEDIUM - 6.1

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited...

Vendor: Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product: SODOLA SL902-SWTGW124AS
Published: Feb 27, 2026
Source: NVD
CVE-2026-27754 MEDIUM - 6.5

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies ...

Vendor: Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product: SODOLA SL902-SWTGW124AS
Published: Feb 27, 2026
Source: NVD
CVE-2026-27753 MEDIUM - 6.5

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting...

Vendor: Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product: SODOLA SL902-SWTGW124AS
Published: Feb 27, 2026
Source: NVD
CVE-2026-27752 MEDIUM - 5.9

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administra...

Vendor: Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product: SODOLA SL902-SWTGW124AS
Published: Feb 27, 2026
Source: NVD
CVE-2026-24488 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server (includin...

Vendor: openemr
Product: openemr
Published: Feb 27, 2026
Source: NVD
CVE-2025-11950 MEDIUM - 6.3

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: through 27022026. NOTE: The vendor was contacted early about this disclosure ...

Vendor: KNOWHY Advanced Technology Trading Ltd. Co.
Product: EduAsist
Published: Feb 27, 2026
Source: NVD
CVE-2026-2831 MEDIUM - 4.9

The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...

Published: Feb 27, 2026
Source: NVD
CVE-2026-24351 MEDIUM - 5.4

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. An attacker with editing privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. The vendor was notified early about this vulnerability, but didn't respond wi...

Vendor: PluXml
Product: PluXml CMS
Published: Feb 27, 2026
Source: NVD
CVE-2026-24350 MEDIUM - 5.4

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with the...

Vendor: PluXml
Product: PluXml CMS
Published: Feb 27, 2026
Source: NVD
CVE-2026-1434 MEDIUM - 6.1

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7.

Vendor: pw
Product: omega-psir
Published: Feb 27, 2026
Source: NVD
CVE-2026-1305 MEDIUM - 5.3

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the `paidy_webhook_permission_check` function that unconditionally returns `true` when the webhook signature header is omit...

Published: Feb 27, 2026
Source: NVD
CVE-2025-14142 MEDIUM - 6.4

The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

Vendor: electriccode
Product: Electric Enquiries
Published: Feb 27, 2026
Source: NVD
CVE-2024-10938 MEDIUM - 6.5

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the prop...

Vendor: moneytigo
Product: OVRI Payment
Published: Feb 27, 2026
Source: NVD
CVE-2026-2383 MEDIUM - 6.4

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

Published: Feb 27, 2026
Source: NVD
CVE-2026-2362 MEDIUM - 6.4

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving th...

Published: Feb 27, 2026
Source: NVD
CVE-2026-1627 MEDIUM - 6.5

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.

Vendor: sick
Product: lms1000_firmware
Published: Feb 27, 2026
Source: NVD
CVE-2026-1626 MEDIUM - 6.5

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

Vendor: sick
Product: lms1000_firmware
Published: Feb 27, 2026
Source: NVD
CVE-2026-0871 MEDIUM - 4.9

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when ...

Vendor: maven
Product: org.keycloak:keycloak-server-spi-private
Published: Feb 27, 2026
Source: NVD