Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,811
Quick preset (or use dates below)
Clear Filters
Showing 13,121 - 13,140 of 14,713 CVEs
CVE-2026-24550 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15.

Vendor: Kaira
Product: Blockons
Published: Jan 23, 2026
Source: NVD
CVE-2026-24549 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.147.

Vendor: Paolo
Product: GeoDirectory
Published: Jan 23, 2026
Source: NVD
CVE-2026-24548 MEDIUM - 5.3

Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91.

Vendor: Prince
Product: Radio Player
Published: Jan 23, 2026
Source: NVD
CVE-2026-24544 MEDIUM - 4.3

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.

Vendor: Harmonic Design
Product: HD Quiz
Published: Jan 23, 2026
Source: NVD
CVE-2026-24543 MEDIUM - 4.3

Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.

Vendor: Horea Radu
Product: Materialis Companion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24542 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0.

Vendor: John James Jacoby
Product: WP Term Order
Published: Jan 23, 2026
Source: NVD
CVE-2026-24541 MEDIUM - 5.3

Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.

Vendor: mkscripts
Product: Download After Email
Published: Jan 23, 2026
Source: NVD
CVE-2026-24540 MEDIUM - 5.4

Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.

Vendor: Prince
Product: Integrate Google Drive
Published: Jan 23, 2026
Source: NVD
CVE-2026-24539 MEDIUM - 5.3

Missing Authorization vulnerability in ABCdatos Protección de datos &#8211; RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos &#8211; RGPD: from n/a through <= 0.68.

Vendor: ABCdatos
Product: Protección de datos &#8211; RGPD
Published: Jan 23, 2026
Source: NVD
CVE-2026-24535 MEDIUM - 4.3

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.

Vendor: webdevstudios
Product: Automatic Featured Images from Videos
Published: Jan 23, 2026
Source: NVD
CVE-2026-24528 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.

Vendor: pixelgrade
Product: Nova Blocks
Published: Jan 23, 2026
Source: NVD
CVE-2026-24526 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry &amp; Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry &amp; Cart Options for Wo...

Vendor: Steve Truman
Product: Email Inquiry &amp; Cart Options for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24522 MEDIUM - 4.3

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through <= 1.2.16.

Vendor: MyThemeShop
Product: WP Subscribe
Published: Jan 23, 2026
Source: NVD
CVE-2026-24521 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1.

Vendor: Timur Kamaev
Product: Kama Thumbnail
Published: Jan 23, 2026
Source: NVD
CVE-2025-13921 MEDIUM - 4.3

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and i...

Vendor: wedevs
Product: weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
Published: Jan 23, 2026
Source: NVD
CVE-2026-0914 MEDIUM - 6.4

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...

Published: Jan 23, 2026
Source: NVD
CVE-2025-2204 MEDIUM - 4.7

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about t...

Published: Jan 23, 2026
Source: NVD
CVE-2026-22276 MEDIUM - 5.5

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-22275 MEDIUM - 4.4

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-22274 MEDIUM - 6.5

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modi...

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD