Total CVEs

138,363

Critical Severity

3,557

High Severity

12,776

Last 7 Days

1,960
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 581 - 600 of 34,768 CVEs
CVE-2026-8317

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 17, 2026
Source: NVD
CVE-2026-8089 HIGH - 7.1

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated att...

Published: Jun 17, 2026
Source: NVD
CVE-2026-7850 MEDIUM - 5.9

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks agains...

Published: Jun 17, 2026
Source: NVD
CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for...

Published: Jun 17, 2026
Source: NVD
CVE-2026-55706 MEDIUM - 5.8

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

Vendor: OpenBSD
Product: OpenBSD
Published: Jun 17, 2026
Source: NVD
CVE-2026-54811 CRITICAL - 9.3

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

Vendor: Tips and Tricks HQ
Product: WP eMember
Published: Jun 17, 2026
Source: NVD
CVE-2026-54807 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Vendor: ThemeGrill
Product: Registration Form for WooCommerce
Published: Jun 17, 2026
Source: NVD
CVE-2026-54806 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

Vendor: Melapress
Product: WP Activity Log
Published: Jun 17, 2026
Source: NVD
CVE-2026-54805 HIGH - 8.8

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Vendor: sbouey
Product: Falang multilanguage
Published: Jun 17, 2026
Source: NVD
CVE-2026-54804 HIGH - 7.6

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Vendor: melhorenvio
Product: Melhor Envio
Published: Jun 17, 2026
Source: NVD
CVE-2026-54803 CRITICAL - 9.8

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54802 HIGH - 7.5

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54196 MEDIUM - 6.8

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54195 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54194 CRITICAL - 9.8

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54192 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Vendor: Ays Pro
Product: Popup box
Published: Jun 17, 2026
Source: NVD
CVE-2026-54189 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54188 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54187 CRITICAL - 9.3

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54186 CRITICAL - 9.3

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

Vendor: eyecix
Product: JobSearch
Published: Jun 17, 2026
Source: NVD