Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,839
Quick preset (or use dates below)
Clear Filters
Showing 13,221 - 13,240 of 14,728 CVEs
CVE-2026-22353 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.

Vendor: winkm89
Product: teachPress
Published: Jan 22, 2026
Source: NVD
CVE-2026-22349 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through <= 1.4.1.

Vendor: linux4me2
Product: Menu In Post
Published: Jan 22, 2026
Source: NVD
CVE-2026-22348 MEDIUM - 5.3

Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.

Vendor: Tasos Fel
Product: Civic Cookie Control
Published: Jan 22, 2026
Source: NVD
CVE-2026-22347 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a t...

Vendor: subhansanjaya
Product: Carousel Horizontal Posts Content Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-70899 MEDIUM - 6.5

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69317 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.

Vendor: scriptsbundle
Product: CarSpot
Published: Jan 22, 2026
Source: NVD
CVE-2025-69316 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.

Vendor: RealMag777
Product: TableOn
Published: Jan 22, 2026
Source: NVD
CVE-2025-69315 MEDIUM - 6.5

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jan 22, 2026
Source: NVD
CVE-2025-69300 MEDIUM - 5.4

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.

Vendor: Leap13
Product: Premium Addons for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-69098 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through <= 6.2.12.

Vendor: wpWave
Product: Hide My WP
Published: Jan 22, 2026
Source: NVD
CVE-2025-69095 MEDIUM - 6.5

Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.

Vendor: designthemes
Product: Reservation Plugin
Published: Jan 22, 2026
Source: NVD
CVE-2025-69055 MEDIUM - 6.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through <= 3.16.3.

Vendor: SeaTheme
Product: BM Content Builder
Published: Jan 22, 2026
Source: NVD
CVE-2025-69001 MEDIUM - 5.3

Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through <= 6.1.11.

Vendor: Shahjahan Jewel
Product: FluentForm
Published: Jan 22, 2026
Source: NVD
CVE-2025-68911 MEDIUM - 6.5

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.

Vendor: solacewp
Product: Solace
Published: Jan 22, 2026
Source: NVD
CVE-2025-68900 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through <= 7.1.3.

Vendor: Kriesi
Product: Enfold
Published: Jan 22, 2026
Source: NVD
CVE-2025-68898 MEDIUM - 5.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.

Vendor: cjjparadoxmax
Product: Synergy Project Manager
Published: Jan 22, 2026
Source: NVD
CVE-2025-68896 MEDIUM - 6.5

Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.

Vendor: vrpr
Product: WDV One Page Docs
Published: Jan 22, 2026
Source: NVD
CVE-2025-68558 MEDIUM - 6.5

Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.

Vendor: averta
Product: Depicter Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-68507 MEDIUM - 6.5

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.

Vendor: Icegram
Product: Icegram
Published: Jan 22, 2026
Source: NVD
CVE-2025-68073 MEDIUM - 6.5

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.

Vendor: Ninja Team
Product: GDPR CCPA Compliance Support
Published: Jan 22, 2026
Source: NVD