Total CVEs

140,319

Critical Severity

3,712

High Severity

13,362

Last 7 Days

1,805
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 261 - 280 of 36,724 CVEs
CVE-2026-57630 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

Vendor: Creative Themes
Product: Blocksy Companion Pro
Published: Jun 26, 2026
Source: NVD
CVE-2026-57629 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

Vendor: StatCounter
Product: StatCounter
Published: Jun 26, 2026
Source: NVD
CVE-2026-57628 HIGH - 7.6

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

Vendor: WP All Import
Product: WP All Import
Published: Jun 26, 2026
Source: NVD
CVE-2026-57627 MEDIUM - 4.9

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

Vendor: Themeum
Product: Kirki
Published: Jun 26, 2026
Source: NVD
CVE-2026-57622 MEDIUM - 4.3

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

Vendor: Arraytics
Product: WPCafe
Published: Jun 26, 2026
Source: NVD
CVE-2026-57618 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

Vendor: Themeisle
Product: Neve PRO
Published: Jun 26, 2026
Source: NVD
CVE-2026-57617 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

Vendor: SeedProd LLC.
Product: SeedProd Pro
Published: Jun 26, 2026
Source: NVD
CVE-2026-57527 HIGH - 8.8

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter....

Vendor: zaproxy
Product: zap-extensions
Published: Jun 26, 2026
Source: NVD
CVE-2026-57431 MEDIUM - 6.5

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

Vendor: Mervin Praison
Product: Featured Image
Published: Jun 26, 2026
Source: NVD
CVE-2026-57430 MEDIUM - 4.3

Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.

Vendor: SEOPress Free
Product: SEOPress PRO
Published: Jun 26, 2026
Source: NVD
CVE-2026-57325 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

Vendor: Jellywp
Product: NanoMag
Published: Jun 26, 2026
Source: NVD
CVE-2026-57324 MEDIUM - 6.5

Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.

Vendor: VillaTheme
Product: GIFT4U
Published: Jun 26, 2026
Source: NVD
CVE-2026-57323 MEDIUM - 5.8

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

Vendor: bPlugins
Product: Flash & HTML5 Video
Published: Jun 26, 2026
Source: NVD
CVE-2026-57322 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

Vendor: weDevs
Product: weMail
Published: Jun 26, 2026
Source: NVD
CVE-2026-57321 HIGH - 7.1

Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.

Vendor: icc0rz
Product: H5P
Published: Jun 26, 2026
Source: NVD
CVE-2026-57319 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.

Vendor: RealMag777
Product: FOX
Published: Jun 26, 2026
Source: NVD
CVE-2026-57318 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.

Vendor: Gemini Labs
Product: Site Reviews
Published: Jun 26, 2026
Source: NVD
CVE-2026-57317 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jun 26, 2026
Source: NVD
CVE-2026-57316 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.

Vendor: Roxnor
Product: GetGenie
Published: Jun 26, 2026
Source: NVD
CVE-2026-57315 HIGH - 8.5

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.

Vendor: Creative Themes
Product: Blocksy Companion Pro
Published: Jun 26, 2026
Source: NVD