Total CVEs

138,210

Critical Severity

3,547

High Severity

12,695

Last 7 Days

1,888
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 361 - 380 of 12,881 CVEs
CVE-2026-42657 MEDIUM - 5.3

Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

Vendor: Wasiliy Strecker
Product: Contest Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-42656 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.

Vendor: Wasiliy Strecker
Product: Contest Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-42655 MEDIUM - 5.9

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.

Vendor: WPManageNinja
Product: Best Payments Plugin for WP
Published: Jun 15, 2026
Source: NVD
CVE-2026-42651 MEDIUM - 6.3

Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

Vendor: Mamunur Rashid
Product: Classified Listing
Published: Jun 15, 2026
Source: NVD
CVE-2026-42640 MEDIUM - 6.5

Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

Vendor: Mamunur Rashid
Product: Classified Listing
Published: Jun 15, 2026
Source: NVD
CVE-2026-42378 MEDIUM - 6.5

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Vendor: Themeisle
Product: WP Full Stripe Free
Published: Jun 15, 2026
Source: NVD
CVE-2026-41556 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

Vendor: properfraction
Product: ProfilePress
Published: Jun 15, 2026
Source: NVD
CVE-2026-40799 MEDIUM - 5.3

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Vendor: RelyWP
Product: Simple Cloudflare Turnstile
Published: Jun 15, 2026
Source: NVD
CVE-2026-40796 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.

Vendor: ollybach
Product: WPPizza
Published: Jun 15, 2026
Source: NVD
CVE-2026-40795 MEDIUM - 6.5

Subscriber Broken Access Control in Amelia <= 2.2 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-40794 MEDIUM - 6.5

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

Vendor: myCred
Product: myCred
Published: Jun 15, 2026
Source: NVD
CVE-2026-40793 MEDIUM - 6.5

Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

Vendor: Groundhogg
Product: Groundhogg
Published: Jun 15, 2026
Source: NVD
CVE-2026-40792 MEDIUM - 6.3

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

Vendor: Iqonic Design
Product: KiviCare
Published: Jun 15, 2026
Source: NVD
CVE-2026-40790 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

Vendor: VeronaLabs
Product: WP SMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-40782 MEDIUM - 6.5

Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.

Vendor: Greg Winiarski
Product: WPAdverts
Published: Jun 15, 2026
Source: NVD
CVE-2026-40773 MEDIUM - 6.5

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

Vendor: rtCamp Inc.
Product: rtMedia for WordPress, BuddyPress and bbPress
Published: Jun 15, 2026
Source: NVD
CVE-2026-40743 MEDIUM - 6.5

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

Vendor: Themeum
Product: Tutor LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-39594 MEDIUM - 6.4

Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

Vendor: Themefic
Product: Ultra Addons for WPForms
Published: Jun 15, 2026
Source: NVD
CVE-2026-39584 MEDIUM - 6.5

Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.

Vendor: Webful Creations
Product: RepairBuddy
Published: Jun 15, 2026
Source: NVD
CVE-2026-39540 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.

Vendor: Amit Mittal
Product: Shipment Tracker for Woocommerce
Published: Jun 15, 2026
Source: NVD