Total CVEs

137,287

Critical Severity

3,310

High Severity

12,270

Last 7 Days

1,306
Quick preset (or use dates below)
Clear Filters
Showing 21 - 40 of 3,310 CVEs
CVE-2026-48714 CRITICAL - 9.1

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype (added in 3.9.3, see GHSA-5fgg-jcpf-8jjw), but did n...

Vendor: i18next
Product: i18next-http-middleware
Published: Jun 15, 2026
Source: NVD
CVE-2026-48713 CRITICAL - 9.1

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() splits each queued missing-key string on the configu...

Vendor: i18next
Product: i18next-fs-backend
Published: Jun 15, 2026
Source: NVD
CVE-2026-12087 CRITICAL - 9.1

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-b...

Vendor: PEVANS
Product: Socket
Published: Jun 15, 2026
Source: NVD
CVE-2026-11832 CRITICAL - 9.1

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Vendor: BIAFRA
Product: Dancer2::Plugin::Auth::OAuth
Published: Jun 15, 2026
Source: NVD
CVE-2026-9691 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

Published: Jun 15, 2026
Source: NVD
CVE-2026-52703 CRITICAL - 9.6

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

Vendor: Ninja Team
Product: FastDup
Published: Jun 15, 2026
Source: NVD
CVE-2026-52693 CRITICAL - 9.3

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

Vendor: impleCode
Product: eCommerce Product Catalog
Published: Jun 15, 2026
Source: NVD
CVE-2026-49781 CRITICAL - 9.8

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Vendor: Brainstorm Force
Product: OttoKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-49776 CRITICAL - 9.3

Unauthenticated SQL Injection in GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Vendor: JExtensions Store
Product: GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites
Published: Jun 15, 2026
Source: NVD
CVE-2026-49770 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Vendor: WP Travel Engine
Product: WP Travel Engine
Published: Jun 15, 2026
Source: NVD
CVE-2026-49769 CRITICAL - 9.8

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-49768 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Vendor: Happyforms
Product: Happyforms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49766 CRITICAL - 9.9

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Vendor: WP User Manager
Product: WP User Manager
Published: Jun 15, 2026
Source: NVD
CVE-2026-49765 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Vendor: CRM Perks
Product: Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49764 CRITICAL - 9.8

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

Vendor: Metagauss
Product: RegistrationMagic
Published: Jun 15, 2026
Source: NVD
CVE-2026-49763 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.

Vendor: CRM Perks
Product: Integration for Contact Form 7 HubSpot
Published: Jun 15, 2026
Source: NVD
CVE-2026-49109 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.

Vendor: crm perks
Product: Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49106 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.

Vendor: CRM Perks
Product: Integration for Contact Form 7 and Constant Contact
Published: Jun 15, 2026
Source: NVD
CVE-2026-49105 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Vendor: CRM Perks
Product: WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49104 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.

Vendor: CRM Perks
Product: Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Published: Jun 15, 2026
Source: NVD