Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,461 - 12,480 of 13,433 CVEs
CVE-2025-68012 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1.

Vendor: Dmytro Shteflyuk
Product: CodeColorer
Published: Jan 22, 2026
Source: NVD
CVE-2025-68011 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.

Vendor: GLS
Product: GLS Shipping for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68010 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.

Vendor: netgsm
Product: Netgsm
Published: Jan 22, 2026
Source: NVD
CVE-2025-68008 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.

Vendor: mndpsingh287
Product: WP Mail
Published: Jan 22, 2026
Source: NVD
CVE-2025-68004 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1.

Vendor: Kapil Chugh
Product: My Post Order
Published: Jan 22, 2026
Source: NVD
CVE-2025-67967 HIGH - 7.6

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

Vendor: e-plugins
Product: Lawyer Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-67966 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

Vendor: e-plugins
Product: Lawyer Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-67964 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3.

Vendor: favethemes
Product: Homey Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-67963 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5.

Vendor: ovatheme
Product: Movie Booking
Published: Jan 22, 2026
Source: NVD
CVE-2025-67960 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.

Vendor: purethemes
Product: WorkScout-Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-67959 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07.

Vendor: purethemes
Product: WorkScout
Published: Jan 22, 2026
Source: NVD
CVE-2025-67957 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through <= 2.3.77.

Vendor: TangibleWP
Product: Listivo Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-67956 HIGH - 8.2

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.

Vendor: wpeverest
Product: User Registration
Published: Jan 22, 2026
Source: NVD
CVE-2025-67955 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through <= 4.1.0.

Vendor: TangibleWP
Product: MyHome Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-67953 HIGH - 8.1

Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44.

Vendor: Booking Activities Team
Product: Booking Activities
Published: Jan 22, 2026
Source: NVD
CVE-2025-67952 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.

Vendor: ThemeGoods
Product: Grand Tour
Published: Jan 22, 2026
Source: NVD
CVE-2025-67949 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6.

Vendor: designingmedia
Product: Hostiko
Published: Jan 22, 2026
Source: NVD
CVE-2025-67947 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11.

Vendor: scriptsbundle
Product: AdForest Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-67946 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11.

Vendor: scriptsbundle
Product: AdForest
Published: Jan 22, 2026
Source: NVD
CVE-2025-67943 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.

Vendor: wphocus
Product: My auctions allegro
Published: Jan 22, 2026
Source: NVD