Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,761 - 3,780 of 37,942 CVEs
CVE-2026-54807 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Vendor: ThemeGrill
Product: Registration Form for WooCommerce
Published: Jun 17, 2026
Source: NVD
CVE-2026-54806 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

Vendor: Melapress
Product: WP Activity Log
Published: Jun 17, 2026
Source: NVD
CVE-2026-54805 HIGH - 8.8

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Vendor: sbouey
Product: Falang multilanguage
Published: Jun 17, 2026
Source: NVD
CVE-2026-54804 HIGH - 7.6

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Vendor: melhorenvio
Product: Melhor Envio
Published: Jun 17, 2026
Source: NVD
CVE-2026-54803 CRITICAL - 9.8

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54802 HIGH - 7.5

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54196 MEDIUM - 6.8

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54195 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54194 CRITICAL - 9.8

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54192 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Vendor: Ays Pro
Product: Popup box
Published: Jun 17, 2026
Source: NVD
CVE-2026-54189 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54188 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54187 CRITICAL - 9.3

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54186 CRITICAL - 9.3

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

Vendor: eyecix
Product: JobSearch
Published: Jun 17, 2026
Source: NVD
CVE-2026-54185 HIGH - 8.5

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Vendor: THEMECO
Product: Cornerstone
Published: Jun 17, 2026
Source: NVD
CVE-2026-54184 HIGH - 8.2

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Vendor: Alberto Hornero
Product: Clean Login
Published: Jun 17, 2026
Source: NVD
CVE-2026-53876 HIGH - 7.2

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.

Vendor: Micro-Star International Co., Ltd.
Product: RadiX AX6600 WiFi 6 Tri-Band Gaming Router
Published: Jun 17, 2026
Source: NVD
CVE-2026-52706 CRITICAL - 9.8

Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-52705 CRITICAL - 9.0

Unauthenticated Arbitrary File Upload in SigmaForms Pro โ€“ AI Generated Forms <= 1.4.5 versions.

Vendor: BDthemes
Product: SigmaForms Pro โ€“ AI Generated Forms
Published: Jun 17, 2026
Source: NVD
CVE-2026-52698 HIGH - 7.4

Subscriber Sensitive Data Exposure in PushEngage โ€“ Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions.

Vendor: Syed Balkhi
Product: PushEngage โ€“ Web Push Notifications, eCommerce Automation &amp; Chat Widget
Published: Jun 17, 2026
Source: NVD