Total CVEs

144,202

Critical Severity

4,148

High Severity

14,963

Last 7 Days

1,649
Quick preset (or use dates below)
Clear Filters
Showing 2,481 - 2,500 of 144,202 CVEs
CVE-2026-39448 HIGH - 7.5

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

Vendor: CoderPress
Product: NOWPayments for WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-27436 CRITICAL - 9.1

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Vendor: Rustaurius
Product: Five Star Business Profile and Schema
Published: Jul 02, 2026
Source: NVD
CVE-2026-27433 MEDIUM - 6.5

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

Vendor: StylemixThemes
Product: Motors
Published: Jul 02, 2026
Source: NVD
CVE-2026-27430 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.

Vendor: tranmautritam
Product: TheFox
Published: Jul 02, 2026
Source: NVD
CVE-2026-27426 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Vendor: Themesuite
Product: Automotive Car Dealership Business
Published: Jul 02, 2026
Source: NVD
CVE-2026-27425 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

Vendor: Themesuite
Product: Automotive Listings
Published: Jul 02, 2026
Source: NVD
CVE-2026-27419 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Vendor: Zozothemes
Product: Zegen
Published: Jul 02, 2026
Source: NVD
CVE-2026-27414 HIGH - 8.8

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

Vendor: Fuelthemes
Product: Werkstatt
Published: Jul 02, 2026
Source: NVD
CVE-2026-27412 HIGH - 8.1

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

Vendor: StylemixThemes
Product: Pearl - Corporate Business
Published: Jul 02, 2026
Source: NVD
CVE-2026-27408 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.

Vendor: imithemes
Product: NativeChurch
Published: Jul 02, 2026
Source: NVD
CVE-2026-27404 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

Vendor: Designthemes
Product: LMS
Published: Jul 02, 2026
Source: NVD
CVE-2026-27402 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.

Vendor: Designthemes
Product: Kids Life | Children School WordPress
Published: Jul 02, 2026
Source: NVD
CVE-2026-27060 HIGH - 8.8

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

Vendor: Reputeinfosystems
Product: ARMember Premium
Published: Jul 02, 2026
Source: NVD

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Vendor: u5CMS
Product: u5CMS
Published: Jul 02, 2026
Source: NVD
CVE-2026-11946 HIGH - 7.5

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered acros...

Vendor: open62541 project / o6 Automation GmbH
Product: open62541
Published: Jul 02, 2026
Source: NVD
CVE-2025-69156 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

Vendor: Design themes
Product: Kids Zone - Children WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69155 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.

Vendor: Designthemes
Product: Fitness Zone WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69154 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Vendor: designthemes
Product: SpaLab | Beauty Salon WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2025-69153 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

Vendor: designthemes
Product: Trendy Travel
Published: Jul 02, 2026
Source: NVD
CVE-2025-69152 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

Vendor: ThemeGoods
Product: Artale | Wedding Photography WordPress
Published: Jul 02, 2026
Source: NVD