Total CVEs

138,210

Critical Severity

3,547

High Severity

12,695

Last 7 Days

1,900
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 341 - 360 of 12,881 CVEs
CVE-2026-9260 MEDIUM - 6.2

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Vendor: canon
Product: eos_network_setting_tool
Published: Jun 16, 2026
Source: NVD
CVE-2026-9259 MEDIUM - 6.5

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Vendor: canon
Product: eos_network_setting_tool
Published: Jun 16, 2026
Source: NVD
CVE-2026-9258 MEDIUM - 6.5

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Vendor: canon
Product: eos_network_setting_tool
Published: Jun 16, 2026
Source: NVD
CVE-2026-48157 MEDIUM - 6.1

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to include untrusted/request-derived data in the error title or description (e.g. "No products fou...

Vendor: slimphp
Product: Slim
Published: Jun 15, 2026
Source: NVD
CVE-2026-49775 MEDIUM - 6.5

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Vendor: info@welcart
Product: Welcart e-Commerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-49773 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

Vendor: FolioVision
Product: FV Flowplayer Video Player
Published: Jun 15, 2026
Source: NVD
CVE-2026-49043 MEDIUM - 4.7

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.

Vendor: WP Engine
Product: WP Migrate Lite
Published: Jun 15, 2026
Source: NVD
CVE-2026-48965 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.

Vendor: watchful
Product: XCloner
Published: Jun 15, 2026
Source: NVD
CVE-2026-48887 MEDIUM - 6.5

Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad
Product: JS Help Desk
Published: Jun 15, 2026
Source: NVD
CVE-2026-48880 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Vendor: Ahmad
Product: WP Job Portal
Published: Jun 15, 2026
Source: NVD
CVE-2026-48878 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Vendor: Bootstrapped Ventures
Product: Visual Link Preview
Published: Jun 15, 2026
Source: NVD
CVE-2026-48870 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Vendor: King Addons
Product: King Addons for Elementor
Published: Jun 15, 2026
Source: NVD
CVE-2026-48518 MEDIUM - 4.3

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-juicer/api/teams/{team}/join) accepted requests with any Content-Type, including text/plain. Because th...

Vendor: juice-shop
Product: multi-juicer
Published: Jun 15, 2026
Source: NVD
CVE-2026-42752 MEDIUM - 6.5

Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.

Vendor: mra13 / Team Tips and Tricks HQ
Product: Stripe Payments
Published: Jun 15, 2026
Source: NVD
CVE-2026-42743 MEDIUM - 6.5

Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.

Vendor: ThemeGrill
Product: Masteriyo - LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-42688 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-42663 MEDIUM - 6.5

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

Vendor: wp.insider
Product: Simple Membership
Published: Jun 15, 2026
Source: NVD
CVE-2026-42662 MEDIUM - 6.5

Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

Vendor: Liquid Web / StellarWP
Product: Event Tickets
Published: Jun 15, 2026
Source: NVD
CVE-2026-42660 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.

Vendor: Wasiliy Strecker
Product: Contest Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-42659 MEDIUM - 6.5

Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.

Vendor: Nasir Ahmed
Product: Advanced Form Integration
Published: Jun 15, 2026
Source: NVD