Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,830
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,261 - 12,280 of 13,433 CVEs
CVE-2026-24538 HIGH - 7.6

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion. This issue affects Omnipress: from n/a through <= 1.6.6.

Vendor: omnipressteam
Product: Omnipress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24536 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affects Webpushr: from n/a through <= 4.38.0.

Vendor: webpushr
Product: Webpushr
Published: Jan 23, 2026
Source: NVD
CVE-2026-24534 HIGH - 8.8

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booter: from n/a through <= 1.5.7.

Vendor: uPress
Product: Booter
Published: Jan 23, 2026
Source: NVD
CVE-2026-24532 HIGH - 8.8

Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security: from n/a through <= 5.0.2.

Vendor: SiteLock
Product: SiteLock Security
Published: Jan 23, 2026
Source: NVD
CVE-2026-24530 HIGH - 8.8

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through <= 2.1.

Vendor: sheepfish
Product: WebP Conversion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24529 HIGH - 8.8

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.

Vendor: Alejandro
Product: Quick Restaurant Reservations
Published: Jan 23, 2026
Source: NVD
CVE-2026-24525 HIGH - 8.1

Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.

Vendor: CloudPanel
Product: CLP Varnish Cache
Published: Jan 23, 2026
Source: NVD
CVE-2026-24524 HIGH - 8.1

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tablesome: from n/a through <= 1.1.35.2.

Vendor: Essekia
Product: Tablesome
Published: Jan 23, 2026
Source: NVD
CVE-2026-24523 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue affects WP FullCalendar: from n/a through <= 1.6.

Vendor: Marcus (aka @msykes)
Product: WP FullCalendar
Published: Jan 23, 2026
Source: NVD
CVE-2025-69907 HIGH - 7.5

An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration informa...

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-14866 HIGH - 8.8

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscribe...

Vendor: melapress
Product: Melapress Role Editor
Published: Jan 23, 2026
Source: NVD
CVE-2026-22273 HIGH - 8.8

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-22271 HIGH - 7.5

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-0603 HIGH - 8.3

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information d...

Published: Jan 23, 2026
Source: NVD
CVE-2024-11976 HIGH - 7.3

The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthe...

Vendor: buddypress
Product: BuddyPress
Published: Jan 23, 2026
Source: NVD
CVE-2025-67847 HIGH - 8.8

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a fu...

Vendor: composer
Product: moodle/moodle
Published: Jan 23, 2026
Source: GitHub
CVE-2025-3839 HIGH - 8.0

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this act...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0796 HIGH - 7.2

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw ...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0795 HIGH - 7.2

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw ...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0794 HIGH - 8.1

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw ex...

Published: Jan 23, 2026
Source: NVD