Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,836
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,101 - 13,120 of 14,345 CVEs
CVE-2026-24595 MEDIUM - 5.4

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5.

Vendor: zohocrm
Product: Zoho CRM Lead Magnet
Published: Jan 23, 2026
Source: NVD
CVE-2026-24594 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4.

Vendor: livemesh
Product: Livemesh Addons for WPBakery Page Builder
Published: Jan 23, 2026
Source: NVD
CVE-2026-24593 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.

Vendor: Strategy11 Team
Product: AWP Classifieds
Published: Jan 23, 2026
Source: NVD
CVE-2026-24591 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.

Vendor: yasir129
Product: Turn Yoast SEO FAQ Block to Accordion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24589 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.

Vendor: Cargus eCommerce
Product: Cargus
Published: Jan 23, 2026
Source: NVD
CVE-2026-24588 MEDIUM - 4.3

Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.

Vendor: topdevs
Product: Smart Product Viewer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24587 MEDIUM - 5.4

Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.

Vendor: kutsy
Product: AJAX Hits Counter + Popular Posts Widget
Published: Jan 23, 2026
Source: NVD
CVE-2026-24585 MEDIUM - 6.5

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.

Vendor: Hyyan Abo Fakher
Product: Hyyan WooCommerce Polylang Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24584 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0.

Vendor: Themeum
Product: Tutor LMS BunnyNet Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24583 MEDIUM - 5.3

Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.

Vendor: sumup
Product: SumUp Payment Gateway For WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24581 MEDIUM - 5.4

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.

Vendor: WP Swings
Product: Points and Rewards for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24580 MEDIUM - 4.3

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

Vendor: Ecwid by Lightspeed Ecommerce Shopping Cart
Product: Ecwid Shopping Cart
Published: Jan 23, 2026
Source: NVD
CVE-2026-24579 MEDIUM - 4.3

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.

Vendor: WP Messiah
Product: Ai Image Alt Text Generator for WP
Published: Jan 23, 2026
Source: NVD
CVE-2026-24578 MEDIUM - 4.3

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.

Vendor: Jahid Hasan
Product: Admin login URL Change
Published: Jan 23, 2026
Source: NVD
CVE-2026-24577 MEDIUM - 5.3

Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7.

Vendor: Genetech Products
Product: Pie Register
Published: Jan 23, 2026
Source: NVD
CVE-2026-24576 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.

Vendor: COP
Product: UX Flat
Published: Jan 23, 2026
Source: NVD
CVE-2026-24571 MEDIUM - 4.3

Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.

Vendor: boxnow
Product: BOX NOW Delivery
Published: Jan 23, 2026
Source: NVD
CVE-2026-24570 MEDIUM - 5.4

Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.

Vendor: WisdmLabs
Product: Edwiser Bridge
Published: Jan 23, 2026
Source: NVD
CVE-2026-24569 MEDIUM - 4.3

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.

Vendor: Sully
Product: Media Library File Size
Published: Jan 23, 2026
Source: NVD
CVE-2026-24568 MEDIUM - 5.3

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.

Vendor: WP Travel
Product: WP Travel
Published: Jan 23, 2026
Source: NVD