Total
5705 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68897 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2. | ||||
| CVE-2025-66533 | 2 Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-01-20 | 7.8 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1. | ||||
| CVE-2025-66078 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3. | ||||
| CVE-2025-62959 | 2 Videowhisper, Wordpress | 2 Videowhisper, Wordpress | 2026-01-20 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.22. | ||||
| CVE-2025-62023 | 2 S2member, Wordpress | 2 S2member, Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905. | ||||
| CVE-2025-60206 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3. | ||||
| CVE-2025-60070 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13. | ||||
| CVE-2025-60068 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266. | ||||
| CVE-2025-52756 | 2 Sayandatta, Wordpress | 2 Wp Last Modified Info, Wordpress | 2026-01-20 | 7.4 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.2. | ||||
| CVE-2025-49926 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2026-01-20 | 7.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25. | ||||
| CVE-2025-49372 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7. | ||||
| CVE-2025-47588 | 2 Acowebs, Wordpress | 2 Dynamic Pricing With Discount Rules For Woocommerce, Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.9. | ||||
| CVE-2025-32222 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5. | ||||
| CVE-2026-1146 | 1 Sourcecodester | 1 Patients Waiting Area Queue Management System | 2026-01-20 | 3.5 Low |
| A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_patient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-21877 | 1 N8n | 1 N8n | 2026-01-20 | 10 Critical |
| n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended. | ||||
| CVE-2026-23523 | 1 Openagentplatform | 1 Dive | 2026-01-19 | 9.7 Critical |
| Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0. | ||||
| CVE-2026-23742 | 1 Zalando | 1 Skipper | 2026-01-19 | 8.8 High |
| Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration inline allows these user to create a script that is able to read the filesystem accessible to the skipper process and if the user has access to read the logs, they an read skipper secrets. This vulnerability is fixed in 0.23.0. | ||||
| CVE-2026-0642 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2026-01-16 | 2.4 Low |
| A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-10940 | 2 Totalcms, Totaljs | 3 Total Cms, Total.js, Total.js Cms | 2026-01-16 | 2.4 Low |
| A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11019 | 2 Totalcms, Totaljs | 3 Total Cms, Total.js, Total.js Cms | 2026-01-16 | 2.4 Low |
| A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||