Total CVEs

138,417

Critical Severity

3,561

High Severity

12,797

Last 7 Days

1,955
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 701 - 720 of 34,822 CVEs
CVE-2026-40768 HIGH - 7.3

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Vendor: Dimitri Grassi
Product: Salon booking system
Published: Jun 17, 2026
Source: NVD
CVE-2026-40765 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Vendor: collectchat
Product: collectchat
Published: Jun 17, 2026
Source: NVD
CVE-2026-40761 HIGH - 8.1

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Vendor: Edge-Themes
Product: Valeska
Published: Jun 17, 2026
Source: NVD
CVE-2026-40760 HIGH - 8.1

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Vendor: Edge-Themes
Product: Behold
Published: Jun 17, 2026
Source: NVD
CVE-2026-40759 HIGH - 8.1

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Vendor: Mikado-Themes
Product: Esmée
Published: Jun 17, 2026
Source: NVD
CVE-2026-40758 HIGH - 8.1

Unauthenticated PHP Object Injection in LĂ©onie <= 1.2.1 versions.

Vendor: Elated-Themes
Product: LĂ©onie
Published: Jun 17, 2026
Source: NVD
CVE-2026-40755 HIGH - 8.1

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Vendor: Mikado-Themes
Product: TechLink
Published: Jun 17, 2026
Source: NVD
CVE-2026-40754 HIGH - 8.1

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Vendor: Elated-Themes
Product: Roisin
Published: Jun 17, 2026
Source: NVD
CVE-2026-40753 HIGH - 8.1

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Vendor: Mikado-Themes
Product: EasyMeals
Published: Jun 17, 2026
Source: NVD
CVE-2026-40751 HIGH - 8.1

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Vendor: Mikado-Themes
Product: Ashtanga
Published: Jun 17, 2026
Source: NVD
CVE-2026-40749 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Vendor: themagnifico52
Product: Charity Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40748 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Vendor: themagnifico52
Product: Kids Gift Shop
Published: Jun 17, 2026
Source: NVD
CVE-2026-40747 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Vendor: themagnifico52
Product: Ecommerce Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40746 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Vendor: themagnifico52
Product: Restaurant Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40739 HIGH - 8.1

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Vendor: Mikado-Themes
Product: LuxeDrive
Published: Jun 17, 2026
Source: NVD
CVE-2026-40736 HIGH - 8.1

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Vendor: Edge-Themes
Product: Laurits
Published: Jun 17, 2026
Source: NVD
CVE-2026-40735 HIGH - 8.1

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Vendor: Edge-Themes
Product: Reina
Published: Jun 17, 2026
Source: NVD
CVE-2026-40731 HIGH - 8.1

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Vendor: Mikado-Themes
Product: ChapterOne
Published: Jun 17, 2026
Source: NVD
CVE-2026-40726 HIGH - 8.2

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Vendor: ThemeGrill
Product: User Registration Stripe
Published: Jun 17, 2026
Source: NVD
CVE-2026-40725 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Vendor: Barn2 Media Ltd
Product: WooCommerce Product Filters
Published: Jun 17, 2026
Source: NVD