Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 11,341 - 11,360 of 14,604 CVEs
CVE-2026-2736 MEDIUM - 6.1

Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the β€˜q’ parameter in β€˜/search/index.html’. This vulnerability can be exploited to steal sensitive us...

Vendor: alkacon
Product: opencms
Published: Feb 19, 2026
Source: NVD
CVE-2026-2735 MEDIUM - 5.4

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to β€˜/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the β€˜text’ parameter.

Vendor: alkacon
Product: opencms
Published: Feb 19, 2026
Source: NVD
CVE-2026-27094 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.16.

Vendor: GoDaddy
Product: CoBlocks
Published: Feb 19, 2026
Source: NVD
CVE-2026-27092 MEDIUM - 6.5

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11.

Vendor: Greg Winiarski
Product: WPAdverts
Published: Feb 19, 2026
Source: NVD
CVE-2026-27090 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.

Vendor: WP Moose
Product: Kenta Companion
Published: Feb 19, 2026
Source: NVD
CVE-2026-27069 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.

Vendor: PenciDesign
Product: Soledad
Published: Feb 19, 2026
Source: NVD
CVE-2026-27066 MEDIUM - 5.3

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46.

Vendor: PI Web Solution
Product: Live sales notification for WooCommerce
Published: Feb 19, 2026
Source: NVD
CVE-2026-27059 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.

Vendor: PenciDesign
Product: Penci Recipe
Published: Feb 19, 2026
Source: NVD
CVE-2026-27058 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through <= 1.7.

Vendor: PenciDesign
Product: Penci Podcast
Published: Feb 19, 2026
Source: NVD
CVE-2026-27057 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.

Vendor: PenciDesign
Product: Penci Filter Everything
Published: Feb 19, 2026
Source: NVD
CVE-2026-27056 MEDIUM - 4.3

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.

Vendor: StellarWP
Product: iThemes Sync
Published: Feb 19, 2026
Source: NVD
CVE-2026-27055 MEDIUM - 4.3

Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.

Vendor: PenciDesign
Product: Penci AI SmartContent Creator
Published: Feb 19, 2026
Source: NVD
CVE-2026-27050 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.

Vendor: ThimPress
Product: RealPress
Published: Feb 19, 2026
Source: NVD
CVE-2026-27042 MEDIUM - 5.3

Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.

Vendor: WPDeveloper
Product: NotificationX
Published: Feb 19, 2026
Source: NVD
CVE-2026-26361 MEDIUM - 6.5

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Vendor: Dell
Product: Unisphere for PowerMax, PowerMax
Published: Feb 19, 2026
Source: NVD
CVE-2026-25473 MEDIUM - 5.4

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.

Vendor: AA-Team
Product: WZone
Published: Feb 19, 2026
Source: NVD
CVE-2026-25472 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.3.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Feb 19, 2026
Source: NVD
CVE-2026-25463 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0.

Vendor: WpEstate
Product: Wpresidence Core
Published: Feb 19, 2026
Source: NVD
CVE-2026-25459 MEDIUM - 4.3

Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.

Vendor: uixthemes
Product: Sober
Published: Feb 19, 2026
Source: NVD
CVE-2026-25453 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.

Vendor: mdempfle
Product: Advanced iFrame
Published: Feb 19, 2026
Source: NVD