Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,933
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,841 - 11,860 of 13,404 CVEs
CVE-2025-7760 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. N...

Published: Feb 03, 2026
Source: NVD
CVE-2025-6397 HIGH - 8.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosu...

Published: Feb 03, 2026
Source: NVD
CVE-2025-67853 HIGH - 7.5

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

Vendor: composer
Product: moodle/moodle
Published: Feb 03, 2026
Source: NVD
CVE-2025-67850 HIGH - 7.3

A flaw was found in Moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these express...

Vendor: composer
Product: moodle/moodle
Published: Feb 03, 2026
Source: NVD
CVE-2025-67849 HIGH - 7.3

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface ...

Vendor: composer
Product: moodle/moodle
Published: Feb 03, 2026
Source: NVD
CVE-2025-67848 HIGH - 8.1

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized ac...

Vendor: composer
Product: moodle/moodle
Published: Feb 03, 2026
Source: NVD
CVE-2025-8461 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: Feb 03, 2026
Source: NVD
CVE-2025-8456 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affects Kod8 Individual and SME Website: through 03022026. NOTE: The vend...

Published: Feb 03, 2026
Source: NVD
CVE-2026-1730 HIGH - 8.8

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-leve...

Published: Feb 03, 2026
Source: NVD
CVE-2026-1375 HIGH - 8.1

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_bulk_action()`, `bulk_delete_course()`, and `u...

Published: Feb 03, 2026
Source: NVD
CVE-2025-8590 HIGH - 7.5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing. This issue affects SKSPro: through 07012026.

Published: Feb 03, 2026
Source: NVD
CVE-2025-8589 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS. This issue affects SKSPro: through 07012026.

Published: Feb 03, 2026
Source: NVD
CVE-2026-22550 HIGH - 7.2

OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

Vendor: ELECOM CO.,LTD.
Product: WRC-X1500GS-B, WRC-X1500GSA-B
Published: Feb 03, 2026
Source: NVD
CVE-2026-1065 HIGH - 7.2

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible ...

Published: Feb 03, 2026
Source: NVD
CVE-2026-1058 HIGH - 7.1

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode() ...

Published: Feb 03, 2026
Source: NVD
CVE-2026-0617 HIGH - 7.2

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for una...

Published: Feb 03, 2026
Source: NVD
CVE-2026-24694 HIGH - 7.8

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.

Vendor: Roland Corporation
Product: Roland Cloud Manager
Published: Feb 03, 2026
Source: NVD
CVE-2025-9711 HIGH - 7.8

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.

Vendor: broadcom
Product: fabric_operating_system
Published: Feb 03, 2026
Source: NVD
CVE-2026-0383 HIGH - 7.8

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

Vendor: broadcom
Product: fabric_operating_system
Published: Feb 03, 2026
Source: NVD
CVE-2025-58383 HIGH - 7.2

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.

Vendor: Brocade
Product: Fabric OS
Published: Feb 03, 2026
Source: NVD