Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,550
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 14,681 - 14,700 of 14,877 CVEs
CVE-2025-13419 MEDIUM - 5.3

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it ...

Published: Jan 07, 2026
Source: NVD
CVE-2025-13418 MEDIUM - 6.4

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Au...

Published: Jan 07, 2026
Source: NVD
CVE-2025-13369 MEDIUM - 6.1

The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to...

Published: Jan 07, 2026
Source: NVD
CVE-2025-12648 MEDIUM - 5.3

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) without implementing proper access cont...

Published: Jan 07, 2026
Source: NVD
CVE-2025-12540 MEDIUM - 4.7

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can all...

Published: Jan 07, 2026
Source: NVD
CVE-2025-12449 MEDIUM - 5.4

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated att...

Published: Jan 07, 2026
Source: NVD
CVE-2025-12030 MEDIUM - 4.3

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability...

Published: Jan 07, 2026
Source: NVD
CVE-2025-0980 MEDIUM - 6.4

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

Published: Jan 07, 2026
Source: NVD
CVE-2024-14020 MEDIUM - 5.0

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. Th...

Published: Jan 07, 2026
Source: NVD
CVE-2025-31051 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-14612 MEDIUM - 6.7

Insecure Temporary File vulnerability in Altera Quartus Prime ProΒ  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14605 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14599 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime LiteΒ  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 throu...

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14596 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2026-21492 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV librar...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2025-7048 MEDIUM - 4.3

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69364 MEDIUM - 5.3

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69363 MEDIUM - 6.5

Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69362 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS.This issue affects UiChemy: from n/a through <= 4.4.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69361 MEDIUM - 4.3

Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.

Published: Jan 06, 2026
Source: NVD