Total CVEs

138,463

Critical Severity

3,569

High Severity

12,815

Last 7 Days

1,995
Quick preset (or use dates below)
Clear Filters
Showing 681 - 700 of 12,815 CVEs
CVE-2026-48871 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Vendor: Takashi Kitajima
Product: MW WP Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-48868 HIGH - 7.5

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Vendor: mra13 / Team Tips and Tricks HQ
Product: Simple Shopping Cart
Published: Jun 15, 2026
Source: NVD
CVE-2026-48867 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Vendor: ExpressTech
Product: Quiz And Survey Master
Published: Jun 15, 2026
Source: NVD
CVE-2026-48838 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Vendor: WPExperts
Product: Post SMTP
Published: Jun 15, 2026
Source: NVD
CVE-2026-48835 HIGH - 7.5

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Vendor: Awesomemotive
Product: Contact Form by WPForms
Published: Jun 15, 2026
Source: NVD
CVE-2026-48708 HIGH - 7.5

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl....

Vendor: OliveTin
Product: OliveTin
Published: Jun 15, 2026
Source: NVD
CVE-2026-47825 HIGH - 8.6

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Sp...

Vendor: Spring
Product: Spring Cloud Gateway
Published: Jun 15, 2026
Source: NVD
CVE-2026-45441 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Vendor: Magepeople inc.
Product: WpEvently
Published: Jun 15, 2026
Source: NVD
CVE-2026-45437 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.

Vendor: Bhavin Thummar
Product: Product Filter Widget for Elementor
Published: Jun 15, 2026
Source: NVD
CVE-2026-42775 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

Vendor: Ruben Garcia
Product: AutomatorWP
Published: Jun 15, 2026
Source: NVD
CVE-2026-42687 HIGH - 8.1

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-42686 HIGH - 7.1

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-42668 HIGH - 7.5

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Vendor: Omnisend
Product: Email Marketing for WooCommerce by Omnisend
Published: Jun 15, 2026
Source: NVD
CVE-2026-42667 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Vendor: Bookly
Product: Bookly
Published: Jun 15, 2026
Source: NVD
CVE-2026-42666 HIGH - 7.5

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

Vendor: Dimitri Grassi
Product: Salon booking system
Published: Jun 15, 2026
Source: NVD
CVE-2026-42664 HIGH - 8.2

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.

Vendor: Motive Commerce Search
Product: AI Product Search for WooCommerce &#8211; Motive Commerce Search
Published: Jun 15, 2026
Source: NVD
CVE-2026-42661 HIGH - 8.8

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Vendor: aguilatechnologies
Product: WP Customer Area
Published: Jun 15, 2026
Source: NVD
CVE-2026-42658 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

Vendor: Mamunur Rashid
Product: Classified Listing
Published: Jun 15, 2026
Source: NVD
CVE-2026-42650 HIGH - 7.2

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.

Vendor: Ruben Garcia
Product: AutomatorWP
Published: Jun 15, 2026
Source: NVD
CVE-2026-42649 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Vendor: Archetyped
Product: Favicon Rotator
Published: Jun 15, 2026
Source: NVD