Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,900
Quick preset (or use dates below)
Clear Filters
Showing 12,441 - 12,460 of 14,675 CVEs
CVE-2026-22548 MEDIUM - 5.9

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bdĀ process to terminate.Ā  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor: F5
Product: BIG-IP
Published: Feb 04, 2026
Source: NVD
CVE-2026-1642 MEDIUM - 5.9

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text d...

Published: Feb 04, 2026
Source: NVD
CVE-2025-70997 MEDIUM - 6.5

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.

Published: Feb 04, 2026
Source: NVD
CVE-2025-69618 MEDIUM - 6.5

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Published: Feb 04, 2026
Source: NVD
CVE-2025-14740 MEDIUM - 6.7

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1 (P...

Vendor: Docker Inc.
Product: Docker Desktop
Published: Feb 04, 2026
Source: NVD

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information, exposing unre...

Vendor: maven
Product: org.neo4j:neo4j
Published: Feb 04, 2026
Source: NVD
CVE-2026-1370 MEDIUM - 4.9

The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ā€˜referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0816 MEDIUM - 4.9

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0743 MEDIUM - 4.4

The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admin...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0742 MEDIUM - 6.4

The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0681 MEDIUM - 4.4

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0679 MEDIUM - 5.3

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooComme...

Published: Feb 04, 2026
Source: NVD
CVE-2026-0572 MEDIUM - 6.5

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plug...

Published: Feb 04, 2026
Source: NVD
CVE-2025-15508 MEDIUM - 5.3

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key fr...

Vendor: magicimport
Product: Magic Import Document Extractor
Published: Feb 04, 2026
Source: NVD
CVE-2025-15507 MEDIUM - 5.3

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_sync_usage() function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin'...

Vendor: magicimport
Product: Magic Import Document Extractor
Published: Feb 04, 2026
Source: NVD
CVE-2025-15487 MEDIUM - 4.9

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

Vendor: qriouslad
Product: Code Explorer
Published: Feb 04, 2026
Source: NVD
CVE-2025-15482 MEDIUM - 5.3

The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data inc...

Vendor: chapaet
Product: Chapa Payment Gateway Plugin for WooCommerce
Published: Feb 04, 2026
Source: NVD
CVE-2025-15260 MEDIUM - 6.5

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This m...

Vendor: lwsdevelopers
Product: MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more
Published: Feb 04, 2026
Source: NVD
CVE-2025-14461 MEDIUM - 5.3

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint (`wc_xendit_callback`) that processes payment callbacks without any ...

Vendor: tpixendit
Product: Xendit Payment
Published: Feb 04, 2026
Source: NVD
CVE-2026-24447 MEDIUM - 6.5

If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 serie...

Vendor: Six Apart Ltd.
Product: Movable Type (Software Edition), Movable Type Advanced (Software Edition), Movable Type Premium (Software Edition), Movable Type Premium (Advanced Edition) (Software Edition), Movable Type (Cloud Edition), Movable Type Premium (Cloud Edition)
Published: Feb 04, 2026
Source: NVD