Total CVEs: 138,466
Critical Severity: 3,569
High Severity: 12,817
Last 7 Days: 1,987

Showing Year: 2026 (January 1 - December 31, 2026)
Showing 601 - 620 of 34,871 CVEs
CVE-2026-54816 HIGH - 7.5

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.

Vendor: Monetizemore
Product: Advanced Ads
Published: Jun 17, 2026
Source: NVD
CVE-2026-54815 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6.

Vendor: Cargo RD
Product: Cargo Shipping Location for WooCommerce
Published: Jun 17, 2026
Source: NVD
CVE-2026-54814 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109.

Vendor: StylemixThemes
Product: Motors
Published: Jun 17, 2026
Source: NVD
CVE-2026-54813 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.

Vendor: Brainstorm Force
Product: SureDash
Published: Jun 17, 2026
Source: NVD
CVE-2026-54809 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.

Vendor: VillaTheme
Product: GIFT4U
Published: Jun 17, 2026
Source: NVD
CVE-2026-54808 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.

Vendor: WP Travel
Product: WP Travel Gutenberg Blocks
Published: Jun 17, 2026
Source: NVD
CVE-2026-54417 HIGH - 7.5

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof...

Vendor: rxi
Product: microtar
Published: Jun 17, 2026
Source: NVD
CVE-2026-54193 HIGH - 7.7

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-52716 MEDIUM - 6.5

Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

Vendor: purethemes
Product: WorkScout-Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-52707 HIGH - 8.1

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Vendor: Mikado-Themes
Product: Kastell
Published: Jun 17, 2026
Source: NVD
CVE-2026-49268 CRITICAL - 9.1

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the...

Vendor: Apache Software Foundation
Product: Apache Shiro
Published: Jun 17, 2026
Source: NVD
CVE-2026-49108 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

Vendor: park_of_ideas
Product: Moderno
Published: Jun 17, 2026
Source: NVD
CVE-2026-40757 HIGH - 8.1

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Vendor: Mikado-Themes
Product: Château
Published: Jun 17, 2026
Source: NVD
CVE-2026-40756 HIGH - 8.1

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Vendor: Mikado-Themes
Product: Zoya
Published: Jun 17, 2026
Source: NVD
CVE-2026-40752 HIGH - 8.1

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Vendor: Select-Themes
Product: Manufaktur Solutions
Published: Jun 17, 2026
Source: NVD
CVE-2026-40738 HIGH - 8.1

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Vendor: Edge-Themes
Product: Eldon
Published: Jun 17, 2026
Source: NVD
CVE-2026-40733 HIGH - 8.1

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Vendor: Mikado-Themes
Product: ShiftUp
Published: Jun 17, 2026
Source: NVD
CVE-2026-40720 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Vendor: Royal Elementor Addons
Product: Royal Elementor Addons Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39590 HIGH - 8.1

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Vendor: ThemeMove
Product: Atomlab
Published: Jun 17, 2026
Source: NVD
CVE-2026-39576 HIGH - 8.1

Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

Vendor: Elated-Themes
Product: SingleMalt
Published: Jun 17, 2026
Source: NVD