Total CVEs: 140,319
Critical Severity: 3,712
High Severity: 13,362
Last 7 Days: 1,796
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 221 - 240 of 36,724 CVEs
CVE-2026-0685 CRITICAL - 9.8

Server-side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

Published: Jun 26, 2026
Source: NVD
CVE-2025-11919 CRITICAL - 9.6

The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker w...

Vendor: Wolfram Research Inc.
Product: Cloud
Published: Jun 26, 2026
Source: NVD

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

Published: Jun 26, 2026
Source: NVD

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Vendor: AMD
Product: AMD Ryzen™ 3000 Series Desktop Processors, AMD Ryzen™ 5000 Series Desktop Processors, AMD Ryzen™ Threadripper™ 3000 Series Processors, AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors, AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Published: Jun 26, 2026
Source: NVD
CVE-2026-9699 MEDIUM - 6.8

Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

Published: Jun 26, 2026
Source: NVD
CVE-2026-57667 HIGH - 8.5

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

Vendor: Adrian Tobey
Product: Groundhogg
Published: Jun 26, 2026
Source: NVD
CVE-2026-57665 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.

Vendor: GravityKit
Product: GravityView
Published: Jun 26, 2026
Source: NVD
CVE-2026-57664 MEDIUM - 4.3

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.

Vendor: VillaTheme
Product: Bopo – WooCommerce Product Bundle Builder
Published: Jun 26, 2026
Source: NVD
CVE-2026-57663 HIGH - 8.5

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.

Vendor: Igor Benic
Product: Recipe Maker For Your Food Blog from Zip Recipes
Published: Jun 26, 2026
Source: NVD
CVE-2026-57662 HIGH - 8.5

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.

Vendor: Wasiliy Strecker
Product: Contest Gallery
Published: Jun 26, 2026
Source: NVD
CVE-2026-57661 MEDIUM - 5.4

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

Vendor: Nexcess
Product: WPComplete
Published: Jun 26, 2026
Source: NVD
CVE-2026-57660 MEDIUM - 5.3

Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.

Vendor: magepeopleteam
Product: Booking and Rental Manager
Published: Jun 26, 2026
Source: NVD
CVE-2026-57659 HIGH - 8.8

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

Vendor: Stranger Studios
Product: Paid Memberships Pro - Add Member From Admin
Published: Jun 26, 2026
Source: NVD
CVE-2026-57658 CRITICAL - 9.1

Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

Vendor: Templatespare
Product: TemplateSpare
Published: Jun 26, 2026
Source: NVD
CVE-2026-57657 MEDIUM - 4.3

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

Vendor: Noor Alam
Product: Gmail SMTP
Published: Jun 26, 2026
Source: NVD
CVE-2026-57656 MEDIUM - 5.9

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

Vendor: peregrinethemes
Product: Hester Core
Published: Jun 26, 2026
Source: NVD
CVE-2026-57655 HIGH - 8.2

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

Vendor: Jay Versluis
Product: Child Theme Wizard
Published: Jun 26, 2026
Source: NVD
CVE-2026-57654 MEDIUM - 6.5

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

Vendor: wp.insider
Product: Affiliates Manager
Published: Jun 26, 2026
Source: NVD
CVE-2026-57653 HIGH - 8.5

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

Vendor: wpjobportal
Product: WP Job Portal
Published: Jun 26, 2026
Source: NVD
CVE-2026-57652 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

Vendor: JoomSky
Product: JS Help Desk
Published: Jun 26, 2026
Source: NVD