Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,470
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,101 - 2,120 of 40,240 CVEs
CVE-2026-57352 MEDIUM - 4.8

Unauthenticated Broken Authentication in ALD โ€“ Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

Vendor: VillaTheme
Product: ALD โ€“ Dropshipping and Fulfillment for AliExpress and WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-57351 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.

Vendor: Haktan Suren
Product: HandL UTM Grabber
Published: Jul 02, 2026
Source: NVD
CVE-2026-57350 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.

Vendor: Andy Fragen
Product: WP Debugging
Published: Jul 02, 2026
Source: NVD
CVE-2026-57349 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.

Vendor: etruel
Product: WPeMatico RSS Feed Fetcher
Published: Jul 02, 2026
Source: NVD
CVE-2026-57348 HIGH - 7.2

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

Vendor: Cozmoslabs
Product: Paid Member Subscriptions
Published: Jul 02, 2026
Source: NVD
CVE-2026-57347 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.

Vendor: jetmonsters
Product: Hotel Booking Lite
Published: Jul 02, 2026
Source: NVD
CVE-2026-57345 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.

Vendor: Webraketen
Product: Internal Links Manager
Published: Jul 02, 2026
Source: NVD
CVE-2026-57344 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.

Vendor: RadiusTheme
Product: Classified Listing
Published: Jul 02, 2026
Source: NVD
CVE-2026-57343 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.

Vendor: Contempoinc
Product: Real Estate 7
Published: Jul 02, 2026
Source: NVD
CVE-2026-57342 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Vendor: ShortPixel
Product: ShortPixel Adaptive Images
Published: Jul 02, 2026
Source: NVD
CVE-2026-56037 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

Vendor: Themify
Product: Themify Popup
Published: Jul 02, 2026
Source: NVD
CVE-2026-49779 MEDIUM - 6.5

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

Vendor: Addify
Product: Tax Exempt for WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-42382 HIGH - 8.1

Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.

Vendor: Elated-Themes
Product: Audrey
Published: Jul 02, 2026
Source: NVD
CVE-2026-39448 HIGH - 7.5

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

Vendor: CoderPress
Product: NOWPayments for WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-27436 CRITICAL - 9.1

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Vendor: Rustaurius
Product: Five Star Business Profile and Schema
Published: Jul 02, 2026
Source: NVD
CVE-2026-27433 MEDIUM - 6.5

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

Vendor: StylemixThemes
Product: Motors
Published: Jul 02, 2026
Source: NVD
CVE-2026-27430 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.

Vendor: tranmautritam
Product: TheFox
Published: Jul 02, 2026
Source: NVD
CVE-2026-27426 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Vendor: Themesuite
Product: Automotive Car Dealership Business
Published: Jul 02, 2026
Source: NVD
CVE-2026-27425 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

Vendor: Themesuite
Product: Automotive Listings
Published: Jul 02, 2026
Source: NVD
CVE-2026-27419 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Vendor: Zozothemes
Product: Zegen
Published: Jul 02, 2026
Source: NVD