Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,301 - 4,320 of 37,697 CVEs
CVE-2026-49774 CRITICAL - 9.9

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.

Vendor: Filipe Nasc
Product: RD Station
Published: Jun 16, 2026
Source: NVD
CVE-2026-49772 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2.

Vendor: Liquid Web / StellarWP
Product: The Events Calendar
Published: Jun 16, 2026
Source: NVD
CVE-2026-40809 MEDIUM - 6.5

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.

Vendor: Rara Themes
Product: Metro Magazine
Published: Jun 16, 2026
Source: NVD
CVE-2026-39581 HIGH - 8.5

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

Vendor: activity-log.com
Product: WP Sessions Time Monitoring Full Automatic
Published: Jun 16, 2026
Source: NVD
CVE-2026-39574 CRITICAL - 9.3

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

Vendor: RealMag777
Product: InPost Gallery
Published: Jun 16, 2026
Source: NVD
CVE-2026-39490 HIGH - 7.5

Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.

Vendor: artbees
Product: JupiterX Core
Published: Jun 16, 2026
Source: NVD
CVE-2026-39437 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

Vendor: WPFactory
Product: Min Max Step Quantity Limits Manager for WooCommerce
Published: Jun 16, 2026
Source: NVD
CVE-2026-2381 MEDIUM - 6.5

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when...

Published: Jun 16, 2026
Source: NVD

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

Vendor: Moxa
Product: NPort 6000-G2 Series
Published: Jun 16, 2026
Source: NVD
CVE-2025-68045 HIGH - 7.5

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.

Vendor: Arraytics
Product: WP Event SOlution
Published: Jun 16, 2026
Source: NVD
CVE-2026-8444 HIGH - 8.8

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type ca...

Published: Jun 16, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime hea...

Vendor: Linux
Product: Linux
Published: Jun 16, 2026
Source: NVD
CVE-2026-10093 MEDIUM - 6.4

The File Sharing & Download Manager โ€“ User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for aut...

Vendor: deepakkite
Product: Secure Client Portal and Private File Sharing Plugin โ€“ User Private Files
Published: Jun 16, 2026
Source: NVD
CVE-2025-9912 MEDIUM - 6.3

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.

Published: Jun 16, 2026
Source: NVD
CVE-2026-9187 MEDIUM - 5.3

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered to both the wp_ajax_re...

Published: Jun 16, 2026
Source: NVD
CVE-2026-8443 HIGH - 8.8

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strin...

Published: Jun 16, 2026
Source: NVD
CVE-2026-6933 HIGH - 8.8

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with th...

Published: Jun 16, 2026
Source: NVD
CVE-2026-5149 MEDIUM - 6.5

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it pos...

Published: Jun 16, 2026
Source: NVD
CVE-2026-50255 MEDIUM - 6.7

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.

Vendor: Sony Corporation
Product: Optical Disc Archive Software for Windows
Published: Jun 16, 2026
Source: NVD
CVE-2026-10780 MEDIUM - 4.3

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content() shortcode handler retrieving a post via get_post() using an attacker-supplied 'id' attribute and outputting its post_...

Vendor: mohammadtanzilurrahman
Product: Static Block
Published: Jun 16, 2026
Source: NVD