Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 12,881 - 12,900 of 14,286 CVEs
CVE-2026-24377 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.

Vendor: POSIMYTH
Product: Nexter Blocks
Published: Jan 22, 2026
Source: NVD
CVE-2026-24368 HIGH - 8.8

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

Vendor: Theme-one
Product: The Grid
Published: Jan 22, 2026
Source: NVD
CVE-2026-24367 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.

Vendor: shinetheme
Product: Traveler
Published: Jan 22, 2026
Source: NVD
CVE-2026-24358 HIGH - 8.8

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

Vendor: ExpressTech Systems
Product: Quiz And Survey Master
Published: Jan 22, 2026
Source: NVD
CVE-2026-24357 HIGH - 8.1

Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.

Vendor: Brecht
Product: WP Recipe Maker
Published: Jan 22, 2026
Source: NVD
CVE-2026-24356 HIGH - 8.8

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.

Vendor: Roxnor
Product: GetGenie
Published: Jan 22, 2026
Source: NVD
CVE-2026-24353 HIGH - 8.1

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.

Vendor: wpeverest
Product: User Registration
Published: Jan 22, 2026
Source: NVD
CVE-2026-23976 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jan 22, 2026
Source: NVD
CVE-2026-23974 HIGH - 8.8

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Vendor: uxper
Product: Golo
Published: Jan 22, 2026
Source: NVD
CVE-2026-22481 HIGH - 8.8

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.

Vendor: Rasedul Haque Rumi
Product: BD Courier Order Ratio Checker
Published: Jan 22, 2026
Source: NVD
CVE-2026-22472 HIGH - 8.8

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.

Vendor: hassantafreshi
Product: Easy Form Builder
Published: Jan 22, 2026
Source: NVD
CVE-2026-22470 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.

Vendor: FireStorm Plugins
Product: FireStorm Professional Real Estate
Published: Jan 22, 2026
Source: NVD
CVE-2026-22464 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.

Vendor: wphocus
Product: My auctions allegro
Published: Jan 22, 2026
Source: NVD
CVE-2026-22402 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.

Vendor: pavothemes
Product: Triply
Published: Jan 22, 2026
Source: NVD
CVE-2026-22401 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.

Vendor: pavothemes
Product: Freshio
Published: Jan 22, 2026
Source: NVD
CVE-2026-22355 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.

Vendor: gregmolnar
Product: Simple XML Sitemap
Published: Jan 22, 2026
Source: NVD
CVE-2026-22278 HIGH - 8.1

Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vendor: Dell
Product: PowerScale OneFS
Published: Jan 22, 2026
Source: NVD
CVE-2026-0535 HIGH - 7.1

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in ...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0534 HIGH - 7.1

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the con...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0533 HIGH - 7.1

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local f...

Published: Jan 22, 2026
Source: NVD