Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,806
Quick preset (or use dates below)
Clear Filters
Showing 12,861 - 12,880 of 14,271 CVEs
CVE-2026-24009 HIGH - 8.1

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2...

Vendor: pip
Product: docling-core
Published: Jan 22, 2026
Source: GitHub
CVE-2026-24006 HIGH - 7.5

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serializat...

Vendor: npm
Product: seroval
Published: Jan 22, 2026
Source: GitHub
CVE-2025-65098 HIGH - 7.4

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their Ope...

Vendor: npm
Product: @typebot.io/js
Published: Jan 22, 2026
Source: GitHub
CVE-2026-24390 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.

Vendor: QantumThemes
Product: Kentha Elementor Widgets
Published: Jan 22, 2026
Source: NVD
CVE-2026-24380 HIGH - 8.8

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.

Vendor: Metagauss
Product: EventPrime
Published: Jan 22, 2026
Source: NVD
CVE-2026-24377 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.

Vendor: POSIMYTH
Product: Nexter Blocks
Published: Jan 22, 2026
Source: NVD
CVE-2026-24368 HIGH - 8.8

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

Vendor: Theme-one
Product: The Grid
Published: Jan 22, 2026
Source: NVD
CVE-2026-24367 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.

Vendor: shinetheme
Product: Traveler
Published: Jan 22, 2026
Source: NVD
CVE-2026-24358 HIGH - 8.8

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

Vendor: ExpressTech Systems
Product: Quiz And Survey Master
Published: Jan 22, 2026
Source: NVD
CVE-2026-24357 HIGH - 8.1

Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.

Vendor: Brecht
Product: WP Recipe Maker
Published: Jan 22, 2026
Source: NVD
CVE-2026-24356 HIGH - 8.8

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.

Vendor: Roxnor
Product: GetGenie
Published: Jan 22, 2026
Source: NVD
CVE-2026-24353 HIGH - 8.1

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.

Vendor: wpeverest
Product: User Registration
Published: Jan 22, 2026
Source: NVD
CVE-2026-23976 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jan 22, 2026
Source: NVD
CVE-2026-23974 HIGH - 8.8

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Vendor: uxper
Product: Golo
Published: Jan 22, 2026
Source: NVD
CVE-2026-22481 HIGH - 8.8

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.

Vendor: Rasedul Haque Rumi
Product: BD Courier Order Ratio Checker
Published: Jan 22, 2026
Source: NVD
CVE-2026-22472 HIGH - 8.8

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.

Vendor: hassantafreshi
Product: Easy Form Builder
Published: Jan 22, 2026
Source: NVD
CVE-2026-22470 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.

Vendor: FireStorm Plugins
Product: FireStorm Professional Real Estate
Published: Jan 22, 2026
Source: NVD
CVE-2026-22464 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.

Vendor: wphocus
Product: My auctions allegro
Published: Jan 22, 2026
Source: NVD
CVE-2026-22402 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.

Vendor: pavothemes
Product: Triply
Published: Jan 22, 2026
Source: NVD
CVE-2026-22401 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.

Vendor: pavothemes
Product: Freshio
Published: Jan 22, 2026
Source: NVD