Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 11,221 - 11,240 of 14,604 CVEs
CVE-2025-67547 MEDIUM - 6.5

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.

Vendor: uixthemes
Product: Konte
Published: Feb 20, 2026
Source: NVD
CVE-2025-67438 MEDIUM - 6.1

A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information, i...

Vendor: npm
Product: @sync-in/server
Published: Feb 20, 2026
Source: NVD
CVE-2025-60183 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6.

Vendor: silence
Product: Silencesoft RSS Reader
Published: Feb 20, 2026
Source: NVD
CVE-2024-56208 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71.

Vendor: desertthemes
Product: NewsMash
Published: Feb 20, 2026
Source: NVD
CVE-2024-54222 MEDIUM - 4.3

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.

Vendor: Seraphinite Solutions
Product: Seraphinite Accelerator
Published: Feb 20, 2026
Source: NVD
CVE-2024-52387 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4.

Vendor: Liton Arefin
Product: Master Addons for Elementor
Published: Feb 20, 2026
Source: NVD
CVE-2024-51915 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2.

Vendor: LiteSpeed Technologies
Product: LiteSpeed Cache
Published: Feb 20, 2026
Source: NVD
CVE-2024-50555 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0.

Vendor: Elementor
Product: Elementor Website Builder
Published: Feb 20, 2026
Source: NVD
CVE-2024-50452 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3.

Vendor: POSIMYTH
Product: Nexter Blocks
Published: Feb 20, 2026
Source: NVD
CVE-2024-43228 MEDIUM - 5.3

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.

Vendor: SecuPress
Product: SecuPress Free
Published: Feb 20, 2026
Source: NVD
CVE-2024-34438 MEDIUM - 5.3

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.

Vendor: Anssi Laitila
Product: Shared Files
Published: Feb 20, 2026
Source: NVD
CVE-2026-2486 MEDIUM - 6.4

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

Published: Feb 20, 2026
Source: NVD
CVE-2026-26370 MEDIUM - 6.1

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.

Vendor: Ays Pro
Product: Survey Maker
Published: Feb 20, 2026
Source: NVD
CVE-2025-59819 MEDIUM - 6.5

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.

Vendor: zenitel
Product: alphacom_xe_audio_server
Published: Feb 20, 2026
Source: NVD
CVE-2026-2824 MEDIUM - 6.3

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from rem...

Vendor: comfast
Product: cf-e7_firmware
Published: Feb 20, 2026
Source: NVD
CVE-2026-2823 MEDIUM - 6.3

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possibl...

Vendor: comfast
Product: cf-e7_firmware
Published: Feb 20, 2026
Source: NVD
CVE-2026-2822 MEDIUM - 6.3

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be exec...

Vendor: jeecg
Product: jeecg_boot
Published: Feb 20, 2026
Source: NVD
CVE-2026-2739 MEDIUM - 5.3

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

Vendor: npm
Product: bn.js
Published: Feb 20, 2026
Source: NVD
CVE-2026-2384 MEDIUM - 6.4

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

Published: Feb 20, 2026
Source: NVD
CVE-2026-26994 MEDIUM - 6.5

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spec. ...

Vendor: refraction-networking
Product: utls
Published: Feb 20, 2026
Source: NVD