Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,821
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 12,341 - 12,360 of 13,433 CVEs
CVE-2026-23974 HIGH - 8.8

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Vendor: uxper
Product: Golo
Published: Jan 22, 2026
Source: NVD
CVE-2026-22481 HIGH - 8.8

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.

Vendor: Rasedul Haque Rumi
Product: BD Courier Order Ratio Checker
Published: Jan 22, 2026
Source: NVD
CVE-2026-22472 HIGH - 8.8

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.

Vendor: hassantafreshi
Product: Easy Form Builder
Published: Jan 22, 2026
Source: NVD
CVE-2026-22470 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.

Vendor: FireStorm Plugins
Product: FireStorm Professional Real Estate
Published: Jan 22, 2026
Source: NVD
CVE-2026-22464 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.

Vendor: wphocus
Product: My auctions allegro
Published: Jan 22, 2026
Source: NVD
CVE-2026-22402 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.

Vendor: pavothemes
Product: Triply
Published: Jan 22, 2026
Source: NVD
CVE-2026-22401 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.

Vendor: pavothemes
Product: Freshio
Published: Jan 22, 2026
Source: NVD
CVE-2026-22355 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.

Vendor: gregmolnar
Product: Simple XML Sitemap
Published: Jan 22, 2026
Source: NVD
CVE-2026-22278 HIGH - 8.1

Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vendor: Dell
Product: PowerScale OneFS
Published: Jan 22, 2026
Source: NVD
CVE-2026-0535 HIGH - 7.1

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in ...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0534 HIGH - 7.1

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the con...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0533 HIGH - 7.1

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local f...

Published: Jan 22, 2026
Source: NVD
CVE-2025-69321 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through <= 3.5.5.

Vendor: ThemeGoods
Product: Grand Spa
Published: Jan 22, 2026
Source: NVD
CVE-2025-69320 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: from n/a through <= 3.5.7.

Vendor: ThemeGoods
Product: Grand Magazine
Published: Jan 22, 2026
Source: NVD
CVE-2025-69319 HIGH - 7.5

Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1.

Vendor: Beaver Builder
Product: Beaver Builder
Published: Jan 22, 2026
Source: NVD
CVE-2025-69318 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5.

Vendor: Hossni Mubarak
Product: JobWP
Published: Jan 22, 2026
Source: NVD
CVE-2025-69314 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3.

Vendor: fuelthemes
Product: Werkstatt
Published: Jan 22, 2026
Source: NVD
CVE-2025-69313 HIGH - 7.5

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.

Vendor: WPXPO
Product: PostX
Published: Jan 22, 2026
Source: NVD
CVE-2025-69311 HIGH - 7.6

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.

Vendor: Broadstreet
Product: Broadstreet Ads
Published: Jan 22, 2026
Source: NVD
CVE-2025-69293 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.

Vendor: e-plugins
Product: Final User
Published: Jan 22, 2026
Source: NVD