Browse CVEs | Page 37

Total CVEs

140,406

Critical Severity

3,747

High Severity

13,541

Last 7 Days

1,806

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 721 - 740 of 36,811 CVEs

CVE-2026-56122 HIGH - 7.5

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse ...

Vendor: rickknowles

Product: Winstone Servlet Container

Published: Jun 25, 2026

Source: NVD

CVE-2026-56071 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

Vendor: WPMU DEV

Product: Forminator

Published: Jun 25, 2026

Source: NVD

CVE-2026-56054 HIGH - 7.7

Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

Vendor: Ahmad

Product: JS Help Desk

Published: Jun 25, 2026

Source: NVD

CVE-2026-56053 HIGH - 8.8

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

Vendor: EventPrime

Product: EventPrime

Published: Jun 25, 2026

Source: NVD

CVE-2026-56051 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

Vendor: TablePress

Product: TablePress

Published: Jun 25, 2026

Source: NVD

CVE-2026-56050 MEDIUM - 6.5

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.

Vendor: Themeisle

Product: PPOM for WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-56049 HIGH - 8.5

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

Vendor: Post Snippets

Product: Post Snippets

Published: Jun 25, 2026

Source: NVD

CVE-2026-56042 HIGH - 7.1

Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

Vendor: Algolplus

Product: Advanced Order Export For WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-56023 MEDIUM - 5.4

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Vendor: Knit Pay

Product: UPI QR Code Payment Gateway for WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-56014 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

Vendor: Averta

Product: Master Slider

Published: Jun 25, 2026

Source: NVD

CVE-2026-56013 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

Vendor: myCred

Product: License Manager for WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-56006 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

Vendor: H5P

Product: H5P

Published: Jun 25, 2026

Source: NVD

CVE-2026-56005 HIGH - 7.1

Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

Vendor: Melapress

Product: WP Activity Log

Published: Jun 25, 2026

Source: NVD

CVE-2026-54849 CRITICAL - 9.3

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.

Vendor: Premmerce

Product: Premmerce Wishlist for WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-54848 HIGH - 8.3

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.

Vendor: Saad Iqbal

Product: APIExperts Square for WooCommerce

Published: Jun 25, 2026

Source: NVD

CVE-2026-54845 HIGH - 8.1

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

Vendor: PluginUs.Net

Product: MDTF

Published: Jun 25, 2026

Source: NVD

CVE-2026-54844 HIGH - 7.5

Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

Vendor: CheckView

Product: CheckView Automated Testing

Published: Jun 25, 2026

Source: NVD

CVE-2026-54843 CRITICAL - 9.3

Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

Vendor: PluginUs.Net

Product: MDTF

Published: Jun 25, 2026

Source: NVD

CVE-2026-54842 HIGH - 8.1

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.

Vendor: Royal Plugins

Product: Royal MCP

Published: Jun 25, 2026

Source: NVD

CVE-2026-54841 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

Vendor: Appsbd

Product: Vitepos

Published: Jun 25, 2026

Source: NVD

« Previous 35 36 37 38 39 Next »