Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,722
Quick preset (or use dates below)
Clear Filters
Showing 11,421 - 11,440 of 14,604 CVEs
CVE-2026-25000 MEDIUM - 5.3

Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0.

Vendor: Kraft Plugins
Product: Wheel of Life
Published: Feb 19, 2026
Source: NVD
CVE-2026-24999 MEDIUM - 5.3

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1.

Vendor: Alma
Product: Alma
Published: Feb 19, 2026
Source: NVD
CVE-2026-24392 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.

Vendor: Nabil Lemsieh
Product: HurryTimer
Published: Feb 19, 2026
Source: NVD
CVE-2026-24375 MEDIUM - 5.3

Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.

Vendor: WP Swings
Product: Ultimate Gift Cards For WooCommerce
Published: Feb 19, 2026
Source: NVD
CVE-2026-23804 MEDIUM - 5.4

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.

Vendor: BBR Plugins
Product: Better Business Reviews
Published: Feb 19, 2026
Source: NVD
CVE-2026-23803 MEDIUM - 6.4

Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2.

Vendor: Burhan Nasir
Product: Smart Auto Upload Images
Published: Feb 19, 2026
Source: NVD
CVE-2026-23543 MEDIUM - 5.3

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5.

Vendor: WPDeveloper
Product: Essential Addons for Elementor
Published: Feb 19, 2026
Source: NVD
CVE-2026-22422 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.

Vendor: wpeverest
Product: Everest Forms
Published: Feb 19, 2026
Source: NVD
CVE-2026-22269 MEDIUM - 4.7

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

Vendor: Dell
Product: PowerProtect Data Manager
Published: Feb 19, 2026
Source: NVD
CVE-2026-2711 MEDIUM - 5.6

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py of the component URL Handler. The manipulation of the argument make_request leads to server-side re...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2706 MEDIUM - 6.3

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

Vendor: code-projects
Product: patient_record_management_system
Published: Feb 19, 2026
Source: NVD
CVE-2026-2705 MEDIUM - 4.3

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit i...

Vendor: openbabel
Product: open_babel
Published: Feb 19, 2026
Source: NVD
CVE-2026-2704 MEDIUM - 4.3

A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the att...

Vendor: openbabel
Product: open_babel
Published: Feb 19, 2026
Source: NVD
CVE-2026-2693 MEDIUM - 4.3

A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The exploi...

Vendor: cocoteanet
Product: cyreneadmin
Published: Feb 19, 2026
Source: NVD
CVE-2026-2692 MEDIUM - 4.3

A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can be initiated remotely. The exploit has been ...

Vendor: cocoteanet
Product: cyreneadmin
Published: Feb 19, 2026
Source: NVD
CVE-2026-2681 MEDIUM - 5.3

A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation function...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2504 MEDIUM - 4.3

The Dealia โ€“ Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.6. The admin nonce (DEALIA_ADMIN_NONCE) is exposed to all users with edit_posts capability (Contri...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2502 MEDIUM - 6.1

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries witho...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2284 MEDIUM - 5.4

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This makes it possible for authenticated at...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2282 MEDIUM - 4.4

The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and abov...

Published: Feb 19, 2026
Source: NVD