Total CVEs: 142,265
Critical Severity: 3,947
High Severity: 14,217
Last 7 Days: 1,915
Showing 12,241 - 12,260 of 14,675 CVEs
CVE-2026-2105 MEDIUM - 6.3

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executi...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-2082 MEDIUM - 4.7

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Manipulation of the argument mac leads to OS command injection. The attack can be performed remotely. The exploit is publicly available and might be used.

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 07, 2026
Source: NVD
CVE-2026-2081 MEDIUM - 4.7

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. Manipulation of the argument http_passwd causes OS command injection. The attack can be carried out remotely. The exploit has been publicly disclose...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 07, 2026
Source: NVD
CVE-2026-2079 MEDIUM - 6.3

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executing ...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-1675 MEDIUM - 5.3

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for una...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1643 MEDIUM - 6.1

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if th...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1634 MEDIUM - 6.1

The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1613 MEDIUM - 6.4

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated ...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1611 MEDIUM - 6.4

The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1608 MEDIUM - 6.4

The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1573 MEDIUM - 6.4

The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1570 MEDIUM - 6.4

The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...

Published: Feb 07, 2026
Source: NVD
CVE-2026-1082 MEDIUM - 4.3

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in `inc/settings-page.php`. This makes it possible for unauthenticated attackers to modify plugin s...

Published: Feb 07, 2026
Source: NVD
CVE-2026-0555 MEDIUM - 6.4

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` par...

Published: Feb 07, 2026
Source: NVD
CVE-2025-15477 MEDIUM - 6.5

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. ...

Vendor: simonfairbairn
Product: The Bucketlister
Published: Feb 07, 2026
Source: NVD
CVE-2025-15476 MEDIUM - 4.3

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access an...

Vendor: simonfairbairn
Product: The Bucketlister
Published: Feb 07, 2026
Source: NVD
CVE-2026-2078 MEDIUM - 6.3

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-2077 MEDIUM - 6.3

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role Ma...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-2076 MEDIUM - 6.3

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Manage...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-2075 MEDIUM - 6.3

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The ma...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD