Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,561 - 12,580 of 14,675 CVEs
CVE-2026-24967 MEDIUM - 5.3

Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.

Vendor: ameliabooking
Product: Amelia
Published: Feb 03, 2026
Source: NVD
CVE-2026-24966 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1.

Vendor: Copyscape
Product: Copyscape Premium
Published: Feb 03, 2026
Source: NVD
CVE-2026-24965 MEDIUM - 4.3

Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through <= 28.1.1.

Vendor: Wasiliy Strecker / ContestGallery developer
Product: Contest Gallery
Published: Feb 03, 2026
Source: NVD
CVE-2026-24962 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery.This issue affects Sigmize: from n/a through <= 0.0.9.

Vendor: Brainstorm Force
Product: Sigmize
Published: Feb 03, 2026
Source: NVD
CVE-2026-24961 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5.

Vendor: ThemeGoods
Product: Grand Blog
Published: Feb 03, 2026
Source: NVD
CVE-2026-24958 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.

Vendor: Crocoblock
Product: JetElements For Elementor
Published: Feb 03, 2026
Source: NVD
CVE-2026-24957 MEDIUM - 6.5

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.

Vendor: WP Chill
Product: Strong Testimonials
Published: Feb 03, 2026
Source: NVD
CVE-2026-24952 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.

Vendor: Craig Hewitt
Product: Seriously Simple Podcasting
Published: Feb 03, 2026
Source: NVD
CVE-2026-24951 MEDIUM - 4.3

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.

Vendor: Saad Iqbal
Product: myCred
Published: Feb 03, 2026
Source: NVD
CVE-2026-24947 MEDIUM - 4.3

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.

Vendor: LA-Studio
Product: LA-Studio Element Kit for Elementor
Published: Feb 03, 2026
Source: NVD
CVE-2026-24945 MEDIUM - 5.3

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34.

Vendor: Themefic
Product: Ultimate Addons for Contact Form 7
Published: Feb 03, 2026
Source: NVD
CVE-2026-24942 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1.

Vendor: magepeopleteam
Product: WpEvently
Published: Feb 03, 2026
Source: NVD
CVE-2026-24940 MEDIUM - 4.3

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through <= 1.3.3.

Vendor: Themefic
Product: Travelfic Toolkit
Published: Feb 03, 2026
Source: NVD
CVE-2026-24939 MEDIUM - 4.3

Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Feb 03, 2026
Source: NVD
CVE-2026-24938 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through <= 4.2.1.

Vendor: Ajay
Product: Better Search
Published: Feb 03, 2026
Source: NVD
CVE-2026-1312 MEDIUM - 5.4

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, ...

Vendor: pip
Product: Django
Published: Feb 03, 2026
Source: NVD
CVE-2026-1287 MEDIUM - 5.4

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`,...

Vendor: pip
Product: Django
Published: Feb 03, 2026
Source: NVD
CVE-2026-1207 MEDIUM - 5.4

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not eva...

Vendor: pip
Product: Django
Published: Feb 03, 2026
Source: NVD
CVE-2025-13473 MEDIUM - 5.3

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5....

Vendor: djangoproject
Product: Django
Published: Feb 03, 2026
Source: NVD

Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without proper validation or ...

Vendor: npm
Product: agents
Published: Feb 03, 2026
Source: NVD