Total CVEs

136,978

Critical Severity

3,261

High Severity

12,146

Last 7 Days

1,810
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 181 - 200 of 33,383 CVEs
CVE-2026-39530 CRITICAL - 9.3

Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.

Vendor: SpeakOut!
Product: SpeakOut! Email Petitions
Published: Jun 15, 2026
Source: NVD
CVE-2026-39527 MEDIUM - 5.4

Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.

Vendor: sc Internet Vivoo
Product: WpStream
Published: Jun 15, 2026
Source: NVD
CVE-2026-39525 MEDIUM - 6.5

Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.

Vendor: Booking Activities Team
Product: Booking Activities
Published: Jun 15, 2026
Source: NVD
CVE-2026-39524 HIGH - 7.5

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Vendor: ThemeGrill
Product: Masteriyo - LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-39519 CRITICAL - 9.3

Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.

Vendor: Ahmad
Product: GeekyBot
Published: Jun 15, 2026
Source: NVD
CVE-2026-39518 HIGH - 7.1

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-39515 MEDIUM - 6.5

Subscriber Broken Access Control in Motors < 1.4.107 versions.

Vendor: StylemixThemes
Product: Motors
Published: Jun 15, 2026
Source: NVD
CVE-2026-39514 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.

Vendor: Cozmoslabs
Product: Paid Member Subscriptions
Published: Jun 15, 2026
Source: NVD
CVE-2026-39513 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

Vendor: Easy Appointments
Product: Easy Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-39512 CRITICAL - 9.3

Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.

Vendor: Paolo
Product: GeoDirectory
Published: Jun 15, 2026
Source: NVD
CVE-2026-39511 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.

Vendor: Jacob N. Breetvelt
Product: WP Photo Album Plus
Published: Jun 15, 2026
Source: NVD
CVE-2026-39507 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Vendor: Themeisle
Product: Social Slider Feed
Published: Jun 15, 2026
Source: NVD
CVE-2026-39503 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

Vendor: Awesomemotive
Product: Easy Digital Downloads
Published: Jun 15, 2026
Source: NVD
CVE-2026-39502 CRITICAL - 9.3

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

Vendor: 10Web
Product: Form Maker by 10Web
Published: Jun 15, 2026
Source: NVD
CVE-2026-39499 HIGH - 7.2

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Vendor: Wombat Plugins
Product: Advanced Product Fields (Product Addons) for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-39498 HIGH - 7.2

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Vendor: Yeeaddons
Product: YayMail
Published: Jun 15, 2026
Source: NVD
CVE-2026-39493 CRITICAL - 9.3

Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-39492 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.

Vendor: Flipper Code โ€“ WordPress Development Company
Product: WP Maps
Published: Jun 15, 2026
Source: NVD
CVE-2026-39491 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.

Vendor: artbees
Product: JupiterX Core
Published: Jun 15, 2026
Source: NVD
CVE-2026-39489 MEDIUM - 4.4

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

Vendor: WP Chill
Product: Download Monitor
Published: Jun 15, 2026
Source: NVD