Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,316
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 5,281 - 5,300 of 42,148 CVEs

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD
CVE-2026-57341 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Vendor: Colissimo
Product: Colissimo Officiel : Méthodes de livraison pour WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57340 MEDIUM - 6.5

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Vendor: shohei.tanaka
Product: Japanized For WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57339 MEDIUM - 6.5

Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57338 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.

Vendor: Repute InfoSystems
Product: ARForms
Published: Jun 29, 2026
Source: NVD
CVE-2026-57337 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jun 29, 2026
Source: NVD
CVE-2026-57336 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.

Vendor: Astoundify
Product: Jobify
Published: Jun 29, 2026
Source: NVD
CVE-2026-57335 MEDIUM - 6.5

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Vendor: Ads WPQuads
Product: Ads by WPQuads
Published: Jun 29, 2026
Source: NVD
CVE-2026-57334 MEDIUM - 6.5

Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.

Vendor: weDevs
Product: WP User Frontend
Published: Jun 29, 2026
Source: NVD
CVE-2026-57333 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.

Vendor: Spencer Haws
Product: Link Whisper Free
Published: Jun 29, 2026
Source: NVD
CVE-2026-57332 HIGH - 7.1

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Vendor: WP Swings
Product: Wallet System for WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57331 CRITICAL - 9.9

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

Vendor: videowhisper
Product: Paid Videochat Turnkey Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-57330 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Vendor: Stylemix
Product: MasterStudy LMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-57329 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Vendor: WOOCOMMERCE DESIGNER PRO
Product: WooCommerce Designer Pro
Published: Jun 29, 2026
Source: NVD
CVE-2026-57328 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57327 MEDIUM - 6.3

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Vendor: mainwp
Product: MainWP
Published: Jun 29, 2026
Source: NVD
CVE-2026-57326 MEDIUM - 6.1

Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57320 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Vendor: RealMag777
Product: BEAR
Published: Jun 29, 2026
Source: NVD
CVE-2026-56290 CRITICAL - 9.8

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Vendor: joomlack.fr
Product: JoomlaCK.fr Page Builder CK extension for Joomla
Published: Jun 29, 2026
Source: NVD
CVE-2026-56124 HIGH - 7.5

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete ...

Vendor: shimosyan
Product: phpUploader
Published: Jun 29, 2026
Source: NVD