Total CVEs

144,294

Critical Severity

4,165

High Severity

14,995

Last 7 Days

1,607
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,841 - 3,860 of 40,699 CVEs
CVE-2026-57333 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.

Vendor: Spencer Haws
Product: Link Whisper Free
Published: Jun 29, 2026
Source: NVD
CVE-2026-57332 HIGH - 7.1

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Vendor: WP Swings
Product: Wallet System for WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57331 CRITICAL - 9.9

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

Vendor: videowhisper
Product: Paid Videochat Turnkey Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-57330 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Vendor: Stylemix
Product: MasterStudy LMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-57329 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Vendor: WOOCOMMERCE DESIGNER PRO
Product: WooCommerce Designer Pro
Published: Jun 29, 2026
Source: NVD
CVE-2026-57328 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57327 MEDIUM - 6.3

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Vendor: mainwp
Product: MainWP
Published: Jun 29, 2026
Source: NVD
CVE-2026-57326 MEDIUM - 6.1

Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57320 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Vendor: RealMag777
Product: BEAR
Published: Jun 29, 2026
Source: NVD
CVE-2026-56290 CRITICAL - 9.8

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Vendor: joomlack.fr
Product: JoomlaCK.fr Page Builder CK extension for Joomla
Published: Jun 29, 2026
Source: NVD
CVE-2026-56124 HIGH - 7.5

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete ...

Vendor: shimosyan
Product: phpUploader
Published: Jun 29, 2026
Source: NVD
CVE-2026-55844 HIGH - 7.5

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be ...

Vendor: home-assistant
Product: core
Published: Jun 29, 2026
Source: NVD
CVE-2026-55607 HIGH - 8.8

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git f...

Vendor: anthropic
Product: claude_code
Published: Jun 29, 2026
Source: NVD
CVE-2026-49049 HIGH - 7.5

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.

Vendor: ollyo
Product: helix3
Published: Jun 29, 2026
Source: NVD
CVE-2026-13579 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13578 MEDIUM - 6.3

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the l...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploi...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD
CVE-2026-13572 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been dis...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13571 MEDIUM - 5.3

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published a...

Vendor: SourceCodester
Product: Simple Food Ordering System
Published: Jun 29, 2026
Source: NVD