Total CVEs

138,417

Critical Severity

3,561

High Severity

12,797

Last 7 Days

1,955
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 721 - 740 of 34,822 CVEs
CVE-2026-40724 MEDIUM - 6.5

CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.

Vendor: Client Portal Ltd.
Product: Client Portal (Pro)
Published: Jun 17, 2026
Source: NVD
CVE-2026-40723 MEDIUM - 4.3

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.

Vendor: Bricks
Product: Bricks Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-40722 MEDIUM - 5.5

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.

Vendor: Yoast BV
Product: Yoast SEO Premium
Published: Jun 17, 2026
Source: NVD
CVE-2026-40721 HIGH - 7.5

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

Vendor: BdThemes
Product: Element Pack Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39598 HIGH - 8.0

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

Vendor: Kodezen LLC
Product: Academy LMS Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39597 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Vendor: WPZOOM
Product: WPZOOM Addons for Elementor
Published: Jun 17, 2026
Source: NVD
CVE-2026-39596 CRITICAL - 9.3

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Vendor: Creative Themes
Product: Blocksy Companion Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39595 MEDIUM - 4.7

Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.

Vendor: BoldGrid
Product: W3 Total Cache
Published: Jun 17, 2026
Source: NVD
CVE-2026-39589 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Vendor: A WP Life
Product: Webenvo
Published: Jun 17, 2026
Source: NVD
CVE-2026-39582 HIGH - 8.1

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Vendor: xtemos
Product: Hitek
Published: Jun 17, 2026
Source: NVD
CVE-2026-39580 HIGH - 8.1

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Vendor: Select-Themes
Product: Micdrop
Published: Jun 17, 2026
Source: NVD
CVE-2026-39578 MEDIUM - 5.5

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Vendor: Elated-Themes
Product: Valiance
Published: Jun 17, 2026
Source: NVD
CVE-2026-39577 MEDIUM - 5.5

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Vendor: Elated-Themes
Product: Playroom
Published: Jun 17, 2026
Source: NVD
CVE-2026-39573 HIGH - 8.1

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Vendor: Select-Themes
Product: Mildhill
Published: Jun 17, 2026
Source: NVD
CVE-2026-39568 HIGH - 8.1

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Vendor: Elated-Themes
Product: Mr. SEO
Published: Jun 17, 2026
Source: NVD
CVE-2026-39567 HIGH - 8.1

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Vendor: Select-Themes
Product: Santé
Published: Jun 17, 2026
Source: NVD
CVE-2026-39558 HIGH - 8.1

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Vendor: Elated-Themes
Product: Malmö
Published: Jun 17, 2026
Source: NVD
CVE-2026-39557 HIGH - 8.1

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Vendor: Elated-Themes
Product: NeoBeat
Published: Jun 17, 2026
Source: NVD
CVE-2026-39554 HIGH - 8.1

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Vendor: Elated-Themes
Product: Fidalgo
Published: Jun 17, 2026
Source: NVD
CVE-2026-39549 HIGH - 8.1

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Vendor: Elated-Themes
Product: Aperitif
Published: Jun 17, 2026
Source: NVD