Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,309
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,721 - 5,740 of 42,117 CVEs
CVE-2026-54839 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.

Vendor: kingaddons
Product: Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups
Published: Jun 26, 2026
Source: NVD
CVE-2026-54837 HIGH - 7.5

Unauthenticated Broken Access Control in Intranet &amp; Private Site &#8211; All-In-One Intranet <= 1.8.1 versions.

Vendor: Syed Balkhi
Product: Intranet &amp; Private Site &#8211; All-In-One Intranet
Published: Jun 26, 2026
Source: NVD
CVE-2026-54835 HIGH - 7.5

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

Vendor: Rustaurius
Product: Five Star Restaurant Menu
Published: Jun 26, 2026
Source: NVD
CVE-2026-54834 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

Vendor: fpuenteonline
Product: Object Cache 4 everyone
Published: Jun 26, 2026
Source: NVD
CVE-2026-54833 HIGH - 7.4

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

Vendor: Dev Kabir
Product: Enable CORS
Published: Jun 26, 2026
Source: NVD
CVE-2026-54832 HIGH - 7.5

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

Vendor: Jegstudio
Product: Gutenverse Companion
Published: Jun 26, 2026
Source: NVD
CVE-2026-54831 CRITICAL - 9.3

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

Vendor: Paolo
Product: GeoDirectory
Published: Jun 26, 2026
Source: NVD
CVE-2026-54827 CRITICAL - 9.3

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Vendor: contempoinc
Product: Real Estate 7
Published: Jun 26, 2026
Source: NVD
CVE-2026-54826 HIGH - 7.6

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

Vendor: PSM Plugins
Product: SupportCandy
Published: Jun 26, 2026
Source: NVD
CVE-2026-54825 CRITICAL - 9.3

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

Vendor: wpDataTables
Product: wpDataTables
Published: Jun 26, 2026
Source: NVD
CVE-2026-54824 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

Vendor: Ads WPQuads
Product: Ads by WPQuads
Published: Jun 26, 2026
Source: NVD
CVE-2026-54820 CRITICAL - 9.3

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Vendor: Crocoblock. Jetimpex Inc.
Product: JetBooking
Published: Jun 26, 2026
Source: NVD
CVE-2026-52701 MEDIUM - 6.5

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

Vendor: Themegrill
Product: User Registration
Published: Jun 26, 2026
Source: NVD
CVE-2026-4339 MEDIUM - 6.5

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request f...

Vendor: mattermost
Product: mattermost_server
Published: Jun 26, 2026
Source: NVD
CVE-2026-45257 HIGH - 7.8

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT...

Vendor: freebsd
Product: freebsd
Published: Jun 26, 2026
Source: NVD
CVE-2026-45256 MEDIUM - 5.5

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error ...

Vendor: freebsd
Product: freebsd
Published: Jun 26, 2026
Source: NVD
CVE-2026-3472 LOW - 3.5

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image synta...

Vendor: mattermost
Product: mattermost_server
Published: Jun 26, 2026
Source: NVD
CVE-2026-30041 HIGH - 7.5

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.

Published: Jun 26, 2026
Source: NVD
CVE-2026-30040 MEDIUM - 6.5

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.

Published: Jun 26, 2026
Source: NVD
CVE-2026-24547 MEDIUM - 5.3

Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.

Vendor: SiteGround
Product: SiteGround Email Marketing
Published: Jun 26, 2026
Source: NVD