Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,189
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 5,381 - 5,400 of 42,250 CVEs
CVE-2026-13437 MEDIUM - 6.5

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API resp...

Vendor: devolutions
Product: powershell_universal
Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD
CVE-2026-57341 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Vendor: Colissimo
Product: Colissimo Officiel : Méthodes de livraison pour WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57340 MEDIUM - 6.5

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Vendor: shohei.tanaka
Product: Japanized For WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57339 MEDIUM - 6.5

Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57338 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.

Vendor: Repute InfoSystems
Product: ARForms
Published: Jun 29, 2026
Source: NVD
CVE-2026-57337 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jun 29, 2026
Source: NVD
CVE-2026-57336 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.

Vendor: Astoundify
Product: Jobify
Published: Jun 29, 2026
Source: NVD
CVE-2026-57335 MEDIUM - 6.5

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Vendor: Ads WPQuads
Product: Ads by WPQuads
Published: Jun 29, 2026
Source: NVD
CVE-2026-57334 MEDIUM - 6.5

Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.

Vendor: weDevs
Product: WP User Frontend
Published: Jun 29, 2026
Source: NVD
CVE-2026-57333 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.

Vendor: Spencer Haws
Product: Link Whisper Free
Published: Jun 29, 2026
Source: NVD
CVE-2026-57332 HIGH - 7.1

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Vendor: WP Swings
Product: Wallet System for WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57331 CRITICAL - 9.9

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

Vendor: videowhisper
Product: Paid Videochat Turnkey Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-57330 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Vendor: Stylemix
Product: MasterStudy LMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-57329 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Vendor: WOOCOMMERCE DESIGNER PRO
Product: WooCommerce Designer Pro
Published: Jun 29, 2026
Source: NVD
CVE-2026-57328 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57327 MEDIUM - 6.3

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Vendor: mainwp
Product: MainWP
Published: Jun 29, 2026
Source: NVD
CVE-2026-57326 MEDIUM - 6.1

Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57320 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Vendor: RealMag777
Product: BEAR
Published: Jun 29, 2026
Source: NVD