Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,839
Quick preset (or use dates below)
Clear Filters
Showing 13,201 - 13,220 of 14,728 CVEs
CVE-2026-22450 MEDIUM - 4.3

Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.

Vendor: Select-Themes
Product: Don Peppe
Published: Jan 22, 2026
Source: NVD
CVE-2026-22447 MEDIUM - 4.3

Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.

Vendor: Select-Themes
Product: Prowess
Published: Jan 22, 2026
Source: NVD
CVE-2026-22445 MEDIUM - 5.3

Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through <= 2.6.4.

Vendor: Proptech Plugin
Product: Apimo Connector
Published: Jan 22, 2026
Source: NVD
CVE-2026-22430 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Verdure
Published: Jan 22, 2026
Source: NVD
CVE-2026-22426 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.

Vendor: Elated-Themes
Product: Sweet Jane
Published: Jan 22, 2026
Source: NVD
CVE-2026-22411 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Dolcino
Published: Jan 22, 2026
Source: NVD
CVE-2026-22409 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.

Vendor: Mikado-Themes
Product: Justicia
Published: Jan 22, 2026
Source: NVD
CVE-2026-22407 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.

Vendor: Mikado-Themes
Product: Roam
Published: Jan 22, 2026
Source: NVD
CVE-2026-22406 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.

Vendor: Mikado-Themes
Product: Overton
Published: Jan 22, 2026
Source: NVD
CVE-2026-22404 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Innovio
Published: Jan 22, 2026
Source: NVD
CVE-2026-22400 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Holmes
Published: Jan 22, 2026
Source: NVD
CVE-2026-22398 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.

Vendor: Mikado-Themes
Product: Fleur
Published: Jan 22, 2026
Source: NVD
CVE-2026-22396 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: Fiorello
Published: Jan 22, 2026
Source: NVD
CVE-2026-22393 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.

Vendor: Mikado-Themes
Product: Curly
Published: Jan 22, 2026
Source: NVD
CVE-2026-22391 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.

Vendor: Mikado-Themes
Product: Cocco
Published: Jan 22, 2026
Source: NVD
CVE-2026-22388 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2.

Vendor: Imran Emu
Product: Owl Carousel WP
Published: Jan 22, 2026
Source: NVD
CVE-2026-22382 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.

Vendor: Mikado-Themes
Product: PawFriends - Pet Shop and Veterinary WordPress Theme
Published: Jan 22, 2026
Source: NVD
CVE-2026-22360 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through <= 1.4.

Vendor: AA-Team
Product: SearchAzon
Published: Jan 22, 2026
Source: NVD
CVE-2026-22359 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through <= 1.0.

Vendor: AA-Team
Product: Wordpress Movies Bulk Importer
Published: Jan 22, 2026
Source: NVD
CVE-2026-22358 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.

Vendor: SmartDataSoft
Product: Electrician - Electrical Service WordPress
Published: Jan 22, 2026
Source: NVD