Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,661 - 12,680 of 14,675 CVEs
CVE-2022-50950 MEDIUM - 6.5

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.

Vendor: Product Owner: Webile
Product: Webile
Published: Feb 01, 2026
Source: NVD
CVE-2022-50942 MEDIUM - 5.4

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking ...

Vendor: Inciga
Product: Inciga Web
Published: Feb 01, 2026
Source: NVD
CVE-2022-50941 MEDIUM - 6.4

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, ph...

Vendor: MrPlugins
Product: BootCommerce
Published: Feb 01, 2026
Source: NVD
CVE-2022-50940 MEDIUM - 6.4

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leadi...

Vendor: ajay138
Product: Knap Advanced PHP Login
Published: Feb 01, 2026
Source: NVD
CVE-2022-50797 MEDIUM - 6.4

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and applic...

Vendor: halfdata
Product: Stripe Green Downloads
Published: Feb 01, 2026
Source: NVD
CVE-2021-47921 MEDIUM - 6.5

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthor...

Vendor: Author: Scott Ferreira
Product: Free Photo & Video Vault - WiFi Transfeโ€ชr
Published: Feb 01, 2026
Source: NVD
CVE-2021-47920 MEDIUM - 5.4

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external re...

Vendor: WebMO, LLC
Product: WebMO Job Manager
Published: Feb 01, 2026
Source: NVD
CVE-2021-47919 MEDIUM - 6.4

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47917 MEDIUM - 6.4

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to...

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47914 MEDIUM - 6.4

PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, ...

Vendor: PHPSUGAR
Product: PHP Melody
Published: Feb 01, 2026
Source: NVD
CVE-2021-47913 MEDIUM - 6.4

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.

Vendor: PHPSUGAR
Product: PHP Melody
Published: Feb 01, 2026
Source: NVD
CVE-2021-47912 MEDIUM - 6.4

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.

Vendor: PHPSUGAR
Product: PHP Melody
Published: Feb 01, 2026
Source: NVD
CVE-2021-47911 MEDIUM - 5.4

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.

Vendor: jdwebdesigner
Product: Affiliate Pro
Published: Feb 01, 2026
Source: NVD
CVE-2021-47908 MEDIUM - 6.4

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user ...

Vendor: thewebfosters
Product: Unknown
Published: Feb 01, 2026
Source: NVD
CVE-2021-47885 MEDIUM - 6.4

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phi...

Vendor: CriticalGears, Authorize.net
Product: PayPal PRO Payment Terminal, Stripe Payment Terminal, Payment Terminal
Published: Feb 01, 2026
Source: NVD
CVE-2021-47856 MEDIUM - 6.4

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content.

Vendor: NetArt Media
Product: Easy Cart Shopping Cart
Published: Feb 01, 2026
Source: NVD
CVE-2026-1165 MEDIUM - 4.3

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request....

Published: Jan 31, 2026
Source: NVD
CVE-2026-1251 MEDIUM - 5.4

The SupportCandy โ€“ Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key. This makes it possible for au...

Published: Jan 31, 2026
Source: NVD
CVE-2026-0683 MEDIUM - 6.5

The SupportCandy โ€“ Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals oper...

Published: Jan 31, 2026
Source: NVD
CVE-2026-1431 MEDIUM - 5.3

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking informat...

Published: Jan 31, 2026
Source: NVD