Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,612
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,821 - 3,840 of 40,683 CVEs
CVE-2026-57337 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jun 29, 2026
Source: NVD
CVE-2026-57336 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.

Vendor: Astoundify
Product: Jobify
Published: Jun 29, 2026
Source: NVD
CVE-2026-57335 MEDIUM - 6.5

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Vendor: Ads WPQuads
Product: Ads by WPQuads
Published: Jun 29, 2026
Source: NVD
CVE-2026-57334 MEDIUM - 6.5

Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.

Vendor: weDevs
Product: WP User Frontend
Published: Jun 29, 2026
Source: NVD
CVE-2026-57333 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.

Vendor: Spencer Haws
Product: Link Whisper Free
Published: Jun 29, 2026
Source: NVD
CVE-2026-57332 HIGH - 7.1

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Vendor: WP Swings
Product: Wallet System for WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57331 CRITICAL - 9.9

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

Vendor: videowhisper
Product: Paid Videochat Turnkey Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-57330 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Vendor: Stylemix
Product: MasterStudy LMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-57329 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Vendor: WOOCOMMERCE DESIGNER PRO
Product: WooCommerce Designer Pro
Published: Jun 29, 2026
Source: NVD
CVE-2026-57328 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57327 MEDIUM - 6.3

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Vendor: mainwp
Product: MainWP
Published: Jun 29, 2026
Source: NVD
CVE-2026-57326 MEDIUM - 6.1

Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57320 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Vendor: RealMag777
Product: BEAR
Published: Jun 29, 2026
Source: NVD
CVE-2026-56290 CRITICAL - 9.8

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Vendor: joomlack.fr
Product: JoomlaCK.fr Page Builder CK extension for Joomla
Published: Jun 29, 2026
Source: NVD
CVE-2026-56124 HIGH - 7.5

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete ...

Vendor: shimosyan
Product: phpUploader
Published: Jun 29, 2026
Source: NVD
CVE-2026-55844 HIGH - 7.5

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be ...

Vendor: home-assistant
Product: core
Published: Jun 29, 2026
Source: NVD
CVE-2026-55607 HIGH - 8.8

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git f...

Vendor: anthropic
Product: claude_code
Published: Jun 29, 2026
Source: NVD
CVE-2026-49049 HIGH - 7.5

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.

Vendor: ollyo
Product: helix3
Published: Jun 29, 2026
Source: NVD
CVE-2026-13579 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13578 MEDIUM - 6.3

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD