Browse CVEs | Page 18

Total CVEs

140,315

Critical Severity

3,712

High Severity

13,361

Last 7 Days

1,805

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 341 - 360 of 36,720 CVEs

CVE-2026-30041 HIGH - 7.5

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.

Published: Jun 26, 2026

Source: NVD

CVE-2026-30040 MEDIUM - 6.5

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.

Published: Jun 26, 2026

Source: NVD

CVE-2026-24547 MEDIUM - 5.3

Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.

Vendor: SiteGround

Product: SiteGround Email Marketing

Published: Jun 26, 2026

Source: NVD

CVE-2025-68075 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

Vendor: Kerry

Product: BNE Testimonials

Published: Jun 26, 2026

Source: NVD

CVE-2025-68074 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

Vendor: GhozyLab

Product: Image Carousel

Published: Jun 26, 2026

Source: NVD

CVE-2025-68064 HIGH - 7.5

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.

Vendor: Everthemess

Product: Goya Core

Published: Jun 26, 2026

Source: NVD

CVE-2025-68063 HIGH - 7.5

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.

Vendor: StylemixThemes

Product: Splash - Sport Club WordPress Theme for Basketball, Football, Hockey

Published: Jun 26, 2026

Source: NVD

CVE-2025-68052 HIGH - 8.8

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

Vendor: Eagle-Themes

Product: Eagle Booking

Published: Jun 26, 2026

Source: NVD

CVE-2025-66123 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.

Vendor: About Envato

Product: BookPro

Published: Jun 26, 2026

Source: NVD

CVE-2025-64637 MEDIUM - 5.3

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.

Vendor: Opal_WP

Product: Auros Core

Published: Jun 26, 2026

Source: NVD

CVE-2025-64636 MEDIUM - 5.3

Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.

Vendor: rhewlif

Product: Donation Thermometer

Published: Jun 26, 2026

Source: NVD

CVE-2025-63079 MEDIUM - 4.3

Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.

Vendor: bdthemes

Product: Live Copy Paste for Elementor

Published: Jun 26, 2026

Source: NVD

CVE-2025-63078 MEDIUM - 4.3

Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.

Vendor: jetmonsters

Product: Restaurant Menu by MotoPress

Published: Jun 26, 2026

Source: NVD

CVE-2025-63041 MEDIUM - 5.4

Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

Vendor: Code Amp

Product: Forget About Shortcode Buttons

Published: Jun 26, 2026

Source: NVD

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents() without any validation. An authenticated attacker with administrative privile...

Vendor: danpros

Product: HTMLy

Published: Jun 26, 2026

Source: NVD

CVE-2026-57926 LOW - 2.6

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Vendor: JetBrains

Product: YouTrack

Published: Jun 26, 2026

Source: NVD

CVE-2026-57925 MEDIUM - 4.3

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags

Vendor: JetBrains

Product: YouTrack

Published: Jun 26, 2026

Source: NVD

CVE-2026-57924 MEDIUM - 4.3

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details

Vendor: JetBrains

Product: YouTrack

Published: Jun 26, 2026

Source: NVD

CVE-2026-57923 MEDIUM - 5.3

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings

Vendor: JetBrains

Product: YouTrack

Published: Jun 26, 2026

Source: NVD

CVE-2026-57922 LOW - 3.1

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible

Vendor: JetBrains

Product: YouTrack

Published: Jun 26, 2026

Source: NVD

« Previous 16 17 18 19 20 Next »