Total CVEs

140,339

Critical Severity

3,747

High Severity

13,518

Last 7 Days

1,774
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,661 - 2,680 of 36,744 CVEs
CVE-2026-39554 HIGH - 8.1

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Vendor: Elated-Themes
Product: Fidalgo
Published: Jun 17, 2026
Source: NVD
CVE-2026-39549 HIGH - 8.1

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Vendor: Elated-Themes
Product: Aperitif
Published: Jun 17, 2026
Source: NVD
CVE-2026-39548 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Vendor: Sneeit
Product: MagOne
Published: Jun 17, 2026
Source: NVD
CVE-2026-39547 HIGH - 8.1

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Vendor: Select-Themes
Product: Getaway
Published: Jun 17, 2026
Source: NVD
CVE-2026-39546 HIGH - 7.6

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

Vendor: Techspawn
Product: MultiLoca
Published: Jun 17, 2026
Source: NVD
CVE-2026-39545 HIGH - 8.1

Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.

Vendor: Select-Themes
Product: Zermatt
Published: Jun 17, 2026
Source: NVD
CVE-2026-39539 HIGH - 8.1

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Vendor: Edge-Themes
Product: Alloggio - Hotel Booking
Published: Jun 17, 2026
Source: NVD
CVE-2026-39537 HIGH - 8.1

Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.

Vendor: Mikado-Themes
Product: Mikado Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-39529 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Vendor: ThemeREX Group
Product: Elementra
Published: Jun 17, 2026
Source: NVD
CVE-2026-39522 HIGH - 8.1

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Vendor: Elated-Themes
Product: Solene
Published: Jun 17, 2026
Source: NVD
CVE-2026-39446 HIGH - 8.1

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Vendor: PressLayouts
Product: Kapee
Published: Jun 17, 2026
Source: NVD
CVE-2026-39443 HIGH - 8.1

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Vendor: PressLayouts
Product: EmallShop
Published: Jun 17, 2026
Source: NVD
CVE-2026-39438 CRITICAL - 9.3

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Vendor: Emraan Cheema
Product: ListingPro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39433 MEDIUM - 6.5

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

Vendor: mojoomla
Product: WPAMS
Published: Jun 17, 2026
Source: NVD
CVE-2026-34895 HIGH - 8.1

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

Vendor: WebGeniusLab
Product: Softlab Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-34894 HIGH - 8.1

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

Vendor: WebGeniusLab
Product: Integrio Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-34893 HIGH - 8.1

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

Vendor: WebGeniusLab
Product: Thegov Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-34888 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.

Vendor: Bricksforge
Product: Bricksforge
Published: Jun 17, 2026
Source: NVD
CVE-2026-32967 CRITICAL - 9.1

Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vendor: apache
Product: dolphinscheduler
Published: Jun 17, 2026
Source: NVD
CVE-2026-32966 CRITICAL - 9.8

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vendor: apache
Product: dolphinscheduler
Published: Jun 17, 2026
Source: NVD