Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,707
Quick preset (or use dates below)
Clear Filters
Showing 11,341 - 11,360 of 14,108 CVEs
CVE-2025-67982 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.

Vendor: thembay
Product: Urna
Published: Feb 20, 2026
Source: NVD
CVE-2025-67981 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.

Vendor: thembay
Product: Besa
Published: Feb 20, 2026
Source: NVD
CVE-2025-67980 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.

Vendor: thembay
Product: Hara
Published: Feb 20, 2026
Source: NVD
CVE-2025-67978 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.

Vendor: FixBD
Product: Educare
Published: Feb 20, 2026
Source: NVD
CVE-2025-67977 HIGH - 8.2

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.

Vendor: VillaTheme
Product: HAPPY
Published: Feb 20, 2026
Source: NVD
CVE-2025-67974 HIGH - 7.5

Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.

Vendor: WP Legal Pages
Product: WPLegalPages
Published: Feb 20, 2026
Source: NVD
CVE-2025-67972 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Prague prague-plugins allows Reflected XSS.This issue affects Prague: from n/a through <= 2.2.8.

Vendor: fox-themes
Product: Prague
Published: Feb 20, 2026
Source: NVD
CVE-2025-67971 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.

Vendor: WPManageNinja
Product: FluentCart
Published: Feb 20, 2026
Source: NVD
CVE-2025-60087 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page...

Vendor: Nenad Obradovic
Product: Extensive VC Addons for WPBakery page builder
Published: Feb 20, 2026
Source: NVD
CVE-2025-53237 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: from n/a through <= 1.0.1.

Vendor: Soflyy
Product: WP Wizard Cloak
Published: Feb 20, 2026
Source: NVD
CVE-2025-53233 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <= 0.6.14.

Vendor: RylanH
Product: Storyform
Published: Feb 20, 2026
Source: NVD
CVE-2025-53231 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through <= 1.0.1.

Vendor: wpdevstudio
Product: Easy Taxonomy Images
Published: Feb 20, 2026
Source: NVD
CVE-2025-53228 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through <= 0.41.

Vendor: jezza101
Product: bbpress Simple Advert Units
Published: Feb 20, 2026
Source: NVD
CVE-2025-53217 HIGH - 7.6

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.

Vendor: staviravn
Product: AIO WP Builder
Published: Feb 20, 2026
Source: NVD
CVE-2025-52744 HIGH - 7.6

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.

Vendor: inpersttion
Product: Inpersttion For Theme
Published: Feb 20, 2026
Source: NVD
CVE-2026-26050 HIGH - 7.8

The installer for γ‚Έγƒ§γƒ–γƒ­γ‚°ι›†θ¨ˆ/εˆ†ζžγ‚½γƒ•γƒˆγ‚¦γ‚§γ‚’ RICOHγ‚Έγƒ§γƒ–γƒ­γ‚°ι›†θ¨ˆγƒ„γƒΌγƒ« versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

Vendor: Ricoh Company, Ltd.
Product: γ‚Έγƒ§γƒ–γƒ­γ‚°ι›†θ¨ˆ/εˆ†ζžγ‚½γƒ•γƒˆγ‚¦γ‚§γ‚’ RICOHγ‚Έγƒ§γƒ–γƒ­γ‚°ι›†θ¨ˆγƒ„γƒΌγƒ«
Published: Feb 20, 2026
Source: NVD
CVE-2026-2821 HIGH - 7.3

A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the argument ChannelName causes sql injection. Remote exploitation of the attack is possible. The exp...

Published: Feb 20, 2026
Source: NVD
CVE-2026-2820 HIGH - 7.3

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be launc...

Published: Feb 20, 2026
Source: NVD
CVE-2026-26065 HIGH - 8.8

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary cont...

Vendor: kovidgoyal
Product: calibre
Published: Feb 20, 2026
Source: NVD
CVE-2026-26064 HIGH - 8.8

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a...

Vendor: kovidgoyal
Product: calibre
Published: Feb 20, 2026
Source: NVD