Total CVEs

143,818

Critical Severity

4,094

High Severity

14,786

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 2,101 - 2,120 of 40,223 CVEs
CVE-2026-27426 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Vendor: Themesuite
Product: Automotive Car Dealership Business
Published: Jul 02, 2026
Source: NVD
CVE-2026-27425 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

Vendor: Themesuite
Product: Automotive Listings
Published: Jul 02, 2026
Source: NVD
CVE-2026-27419 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Vendor: Zozothemes
Product: Zegen
Published: Jul 02, 2026
Source: NVD
CVE-2026-27414 HIGH - 8.8

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

Vendor: Fuelthemes
Product: Werkstatt
Published: Jul 02, 2026
Source: NVD
CVE-2026-27412 HIGH - 8.1

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

Vendor: StylemixThemes
Product: Pearl - Corporate Business
Published: Jul 02, 2026
Source: NVD
CVE-2026-27408 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.

Vendor: imithemes
Product: NativeChurch
Published: Jul 02, 2026
Source: NVD
CVE-2026-27404 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

Vendor: Designthemes
Product: LMS
Published: Jul 02, 2026
Source: NVD
CVE-2026-27402 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.

Vendor: Designthemes
Product: Kids Life | Children School WordPress
Published: Jul 02, 2026
Source: NVD
CVE-2026-27060 HIGH - 8.8

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

Vendor: Reputeinfosystems
Product: ARMember Premium
Published: Jul 02, 2026
Source: NVD

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Vendor: u5CMS
Product: u5CMS
Published: Jul 02, 2026
Source: NVD
CVE-2026-11946 HIGH - 7.5

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered acros...

Vendor: open62541 project / o6 Automation GmbH
Product: open62541
Published: Jul 02, 2026
Source: NVD
CVE-2025-69156 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

Vendor: Design themes
Product: Kids Zone - Children WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69155 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.

Vendor: Designthemes
Product: Fitness Zone WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69154 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Vendor: designthemes
Product: SpaLab | Beauty Salon WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69153 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

Vendor: designthemes
Product: Trendy Travel
Published: Jul 02, 2026
Source: NVD
CVE-2025-69152 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

Vendor: ThemeGoods
Product: Artale | Wedding Photography WordPress
Published: Jul 02, 2026
Source: NVD
CVE-2025-69134 HIGH - 7.5

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

Vendor: Merkulove
Product: OpenAI Chatbot for WordPress – Helper
Published: Jul 02, 2026
Source: NVD
CVE-2025-69133 HIGH - 7.5

Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

Vendor: GoodLayers
Product: Tourmaster
Published: Jul 02, 2026
Source: NVD
CVE-2025-69132 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.

Vendor: Zozothemes
Product: Corpkit
Published: Jul 02, 2026
Source: NVD
CVE-2025-69094 HIGH - 8.5

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

Vendor: ThemeMove
Product: Unicamp
Published: Jul 02, 2026
Source: NVD