Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 11,181 - 11,200 of 14,604 CVEs
CVE-2026-26095 MEDIUM - 5.5

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD
CVE-2026-26049 MEDIUM - 5.7

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form cac...

Vendor: Jinan USR IOT Technology Limited (PUSR)
Product: USR-W610
Published: Feb 20, 2026
Source: NVD
CVE-2025-15582 MEDIUM - 5.4

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit...

Vendor: detronetdip
Product: E-commerce
Published: Feb 20, 2026
Source: NVD
CVE-2026-24953 MEDIUM - 6.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.15.

Vendor: Mitchell Bennis
Product: Simple File List
Published: Feb 20, 2026
Source: NVD
CVE-2026-24946 MEDIUM - 6.5

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5....

Vendor: tychesoftwares
Product: Print Invoice & Delivery Notes for WooCommerce
Published: Feb 20, 2026
Source: NVD
CVE-2026-24944 MEDIUM - 6.5

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.

Vendor: weDevs
Product: Subscribe2
Published: Feb 20, 2026
Source: NVD
CVE-2026-22351 MEDIUM - 6.5

Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.

Vendor: Marcus (aka @msykes)
Product: WP FullCalendar
Published: Feb 20, 2026
Source: NVD
CVE-2026-22350 MEDIUM - 6.5

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through &l...

Vendor: add-ons.org
Product: PDF for Elementor Forms + Drag And Drop Template Builder
Published: Feb 20, 2026
Source: NVD
CVE-2026-22341 MEDIUM - 5.4

Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0.

Vendor: Case-Themes
Product: Booked
Published: Feb 20, 2026
Source: NVD
CVE-2025-69388 MEDIUM - 6.5

Missing Authorization vulnerability in cliengo Cliengo โ€“ Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo โ€“ Chatbot: from n/a through <= 3.0.4.

Vendor: cliengo
Product: Cliengo โ€“ Chatbot
Published: Feb 20, 2026
Source: NVD
CVE-2025-69385 MEDIUM - 6.5

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3.

Vendor: AgniHD
Product: Cartify - WooCommerce Gutenberg WordPress Theme
Published: Feb 20, 2026
Source: NVD
CVE-2025-69325 MEDIUM - 5.3

Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.

Vendor: primersoftware
Product: Primer MyData for Woocommerce
Published: Feb 20, 2026
Source: NVD
CVE-2025-69011 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/a through <= 2.29.

Vendor: WPKube
Product: Cool Tag Cloud
Published: Feb 20, 2026
Source: NVD
CVE-2025-68895 MEDIUM - 6.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1.

Vendor: ahachat
Product: AhaChat Messenger Marketing
Published: Feb 20, 2026
Source: NVD
CVE-2025-68855 MEDIUM - 5.9

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.

Vendor: themeglow
Product: JobBoard Job listing
Published: Feb 20, 2026
Source: NVD
CVE-2025-68837 MEDIUM - 6.5

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System:...

Vendor: ELEXtensions
Product: ELEX WordPress HelpDesk & Customer Ticketing System
Published: Feb 20, 2026
Source: NVD
CVE-2025-68564 MEDIUM - 6.5

Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.

Vendor: sendy
Product: Sendy
Published: Feb 20, 2026
Source: NVD
CVE-2025-68552 MEDIUM - 6.3

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product ...

Vendor: WebCodingPlace
Product: WooCommerce Coming Soon Product with Countdown
Published: Feb 20, 2026
Source: NVD
CVE-2025-68542 MEDIUM - 6.5

Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3.

Vendor: vgdevsolutions
Product: Checkout Gateway for IRIS
Published: Feb 20, 2026
Source: NVD
CVE-2025-68534 MEDIUM - 6.5

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.

Vendor: add-ons.org
Product: PDF for WPForms
Published: Feb 20, 2026
Source: NVD