Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,838
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,061 - 13,080 of 14,345 CVEs
CVE-2025-67231 MEDIUM - 5.9

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2021-47906 MEDIUM - 6.4

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users�...

Vendor: BloofoxCMS
Product: BloofoxCMS
Published: Jan 23, 2026
Source: NVD
CVE-2021-47905 MEDIUM - 6.1

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.

Vendor: vintagedaddyo
Product: MyBB Delete Account Plugin
Published: Jan 23, 2026
Source: NVD
CVE-2021-47899 MEDIUM - 4.0

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by u...

Vendor: Mfscripts
Product: YetiShare File Hosting Script
Published: Jan 23, 2026
Source: NVD
CVE-2018-25132 MEDIUM - 6.1

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

Vendor: zainali99
Product: MyBB Trending Widget Plugin
Published: Jan 23, 2026
Source: NVD
CVE-2018-25116 MEDIUM - 6.1

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

Vendor: jamiesage123
Product: MyBB Thread Redirect Plugin
Published: Jan 23, 2026
Source: NVD

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allows an attacker to cra...

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-web-templates
Published: Jan 23, 2026
Source: GitHub
CVE-2025-67125 MEDIUM - 4.4

A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on o...

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2026-24636 MEDIUM - 4.3

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.10.1.

Vendor: Syed Balkhi
Product: Sugar Calendar (Lite)
Published: Jan 23, 2026
Source: NVD
CVE-2026-24634 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16.

Vendor: Rustaurius
Product: Ultimate Reviews
Published: Jan 23, 2026
Source: NVD
CVE-2026-24633 MEDIUM - 5.3

Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.1.0.

Vendor: Passionate Brains
Product: Add Expires Headers & Optimized Minify
Published: Jan 23, 2026
Source: NVD
CVE-2026-24632 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through <= 1.0.0.

Vendor: jagdish1o1
Product: Delay Redirects
Published: Jan 23, 2026
Source: NVD
CVE-2026-24631 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through <= 1.4.

Vendor: Mikado-Themes
Product: Rosebud
Published: Jan 23, 2026
Source: NVD
CVE-2026-24630 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.8.

Vendor: Design
Product: Stylish Cost Calculator
Published: Jan 23, 2026
Source: NVD
CVE-2026-24629 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ability, Inc Web Accessibility with Max Access accessibility-toolbar allows Stored XSS.This issue affects Web Accessibility with Max Access: from n/a through <= 2.1.0.

Vendor: Ability, Inc
Product: Web Accessibility with Max Access
Published: Jan 23, 2026
Source: NVD
CVE-2026-24627 MEDIUM - 4.3

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0.

Vendor: Trusona
Product: Trusona for WordPress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24626 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through <= 4.9.0.

Vendor: LogicHunt
Product: Logo Slider
Published: Jan 23, 2026
Source: NVD
CVE-2026-24625 MEDIUM - 5.3

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3.

Vendor: Imaginate Solutions
Product: File Uploads Addon for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24623 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.

Vendor: saeros1984
Product: Neoforum
Published: Jan 23, 2026
Source: NVD
CVE-2026-24622 MEDIUM - 5.4

Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0.

Vendor: Sergiy Dzysyak
Product: Suggestion Toolkit
Published: Jan 23, 2026
Source: NVD