Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,816
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,301 - 14,320 of 38,803 CVEs
CVE-2026-45190 MEDIUM - 6.5

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the input...

Vendor: STIGTSP
Product: Net::CIDR::Lite
Published: May 10, 2026
Source: NVD
CVE-2026-45180 HIGH - 7.5

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session...

Vendor: RRWO
Product: Catalyst::Plugin::Statsd
Published: May 10, 2026
Source: NVD
CVE-2026-45179 MEDIUM - 5.3

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked. Since version 0.9.0, the IP address...

Vendor: RRWO
Product: Plack::Middleware::Statsd
Published: May 10, 2026
Source: NVD
CVE-2022-50970 MEDIUM - 5.4

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary J...

Vendor: Getaawp
Product: WordPress Plugin AAWP
Published: May 10, 2026
Source: NVD
CVE-2022-50969 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50968 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reque...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50967 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50966 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests ...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50965 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50964 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via ...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50963 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50962 MEDIUM - 6.1

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reque...

Vendor: uBidAuction
Product: uBidAuction
Published: May 10, 2026
Source: NVD
CVE-2022-50961 MEDIUM - 6.4

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings t...

Vendor: IP2Location
Product: IP2Location Country Blocker
Published: May 10, 2026
Source: NVD
CVE-2022-50960 MEDIUM - 6.1

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary Ja...

Vendor: Varun Sridharan
Product: International Sms For Contact Form
Published: May 10, 2026
Source: NVD
CVE-2022-50959 MEDIUM - 6.1

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter t...

Vendor: wpdevart
Product: Contact Form Builder
Published: May 10, 2026
Source: NVD
CVE-2022-50958 MEDIUM - 6.1

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter t...

Vendor: jetpack
Product: Jetpack
Published: May 10, 2026
Source: NVD
CVE-2022-50957 MEDIUM - 6.1

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execu...

Vendor: avatar_uploader
Product: avatar_uploader
Published: May 10, 2026
Source: NVD
CVE-2022-50956 MEDIUM - 6.2

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to ...

Vendor: amministrazione-aperta
Product: amministrazione-aperta
Published: May 10, 2026
Source: NVD
CVE-2022-50955 MEDIUM - 4.3

WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page wi...

Vendor: curtain
Product: Curtain
Published: May 10, 2026
Source: NVD
CVE-2022-50954 MEDIUM - 6.2

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to includ...

Vendor: cab-fare-calculator
Product: cab-fare-calculator
Published: May 10, 2026
Source: NVD