Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,441 - 12,460 of 13,433 CVEs
CVE-2025-68864 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.14.50.

Vendor: Infility
Product: Infility Global
Published: Jan 22, 2026
Source: NVD
CVE-2025-68859 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through <= 3.0.83.3.

Vendor: agmorpheus
Product: Syntax Highlighter Compress
Published: Jan 22, 2026
Source: NVD
CVE-2025-68858 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.

Vendor: Casey Bisson
Product: wpCAS
Published: Jan 22, 2026
Source: NVD
CVE-2025-68849 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.

Vendor: Frank Corso
Product: Quote Master
Published: Jan 22, 2026
Source: NVD
CVE-2025-68839 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.

Vendor: Remi Corson
Product: Easy Theme Options
Published: Jan 22, 2026
Source: NVD
CVE-2025-68838 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through <= 1.1....

Vendor: expresstechsoftware
Product: MemberPress Discord Addon
Published: Jan 22, 2026
Source: NVD
CVE-2025-68835 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.

Vendor: matiskiba
Product: Ravpage
Published: Jan 22, 2026
Source: NVD
CVE-2025-68538 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.

Vendor: ThemeGoods
Product: Craft
Published: Jan 22, 2026
Source: NVD
CVE-2025-68520 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.

Vendor: ThemeGoods
Product: DotLife
Published: Jan 22, 2026
Source: NVD
CVE-2025-68518 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.

Vendor: ThemeGoods
Product: Hoteller
Published: Jan 22, 2026
Source: NVD
CVE-2025-68510 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.

Vendor: ThemeGoods
Product: Photography
Published: Jan 22, 2026
Source: NVD
CVE-2025-68059 HIGH - 7.6

Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.

Vendor: e-plugins
Product: Hotel Listing
Published: Jan 22, 2026
Source: NVD
CVE-2025-68058 HIGH - 7.6

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.

Vendor: e-plugins
Product: Institutions Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-68057 HIGH - 7.6

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

Vendor: e-plugins
Product: Hospital Doctor Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-68047 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.1.

Vendor: Arraytics
Product: Eventin
Published: Jan 22, 2026
Source: NVD
CVE-2025-68041 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.

Vendor: codisto
Product: Omnichannel for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68035 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.

Vendor: tabbyai
Product: Tabby Checkout
Published: Jan 22, 2026
Source: NVD
CVE-2025-68030 HIGH - 7.2

Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.

Vendor: WP Messiah
Product: Frontis Blocks
Published: Jan 22, 2026
Source: NVD
CVE-2025-68027 HIGH - 7.3

Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32.

Vendor: Themefic
Product: Hydra Booking
Published: Jan 22, 2026
Source: NVD
CVE-2025-68017 HIGH - 7.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.

Vendor: Antideo
Product: Antideo Email Validator
Published: Jan 22, 2026
Source: NVD