Total CVEs

142,666

Critical Severity

4,018

High Severity

14,386

Last 7 Days

1,420
Quick preset (or use dates below)
Clear Filters
Showing 14,061 - 14,080 of 14,805 CVEs
CVE-2026-21871 MEDIUM - 6.1

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.history.replace(). These helpers are documented as History API wrappers for updating the browser URL w...

Vendor: zauberzeug
Product: nicegui
Published: Jan 08, 2026
Source: NVD
CVE-2026-0676 MEDIUM - 5.3

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.

Published: Jan 08, 2026
Source: NVD
CVE-2026-0674 MEDIUM - 4.3

Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-69169 MEDIUM - 5.4

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11.

Published: Jan 08, 2026
Source: NVD
CVE-2025-68892 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS.This issue affects Scroll rss excerpt: from n/a through <= 5.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-68891 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5.

Published: Jan 08, 2026
Source: NVD
CVE-2025-68890 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through <= 1.0.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-68875 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jcaruso001 Flaming Password Reset flaming-password-reset allows Stored XSS.This issue affects Flaming Password Reset: from n/a through <= 1.0.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-68867 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through <= 1.2.1.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67933 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through <= 4.0.9.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67932 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through < 2.0.19.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67930 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through <= 2.5.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67927 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.8.8.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67922 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.

Vendor: themegoods
Product: grand_restaurant
Published: Jan 08, 2026
Source: NVD
CVE-2025-67918 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through <= 5.4.30.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67916 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS.This issue affects Jobify: from n/a through <= 4.3.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-27004 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Vid...

Published: Jan 08, 2026
Source: NVD
CVE-2025-27002 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5...

Published: Jan 08, 2026
Source: NVD
CVE-2025-22725 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-15079 MEDIUM - 5.3

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

Vendor: haxx
Product: curl
Published: Jan 08, 2026
Source: NVD