Total CVEs

138,363

Critical Severity

3,555

High Severity

12,775

Last 7 Days

2,006
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 721 - 740 of 34,768 CVEs
CVE-2026-24611 CRITICAL - 9.1

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Vendor: WPMet
Product: MetForm Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-24610 MEDIUM - 4.3

Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.

Vendor: WPMet
Product: MetForm Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-24575 MEDIUM - 4.3

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.

Vendor: WishList Member
Product: WishList Member X
Published: Jun 17, 2026
Source: NVD
CVE-2026-22343 HIGH - 8.6

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Vendor: PremiumPress Limited.
Product: WordPress Dating Theme
Published: Jun 17, 2026
Source: NVD
CVE-2026-22342 HIGH - 8.8

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Vendor: PremiumPress Limited.
Product: WordPress Dating Theme
Published: Jun 17, 2026
Source: NVD
CVE-2026-22340 CRITICAL - 9.3

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Vendor: Jobster Marketplace
Product: WPJobster
Published: Jun 17, 2026
Source: NVD
CVE-2026-22339 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Vendor: Jobster Marketplace
Product: WPJobster
Published: Jun 17, 2026
Source: NVD
CVE-2026-22338 HIGH - 8.1

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.

Vendor: ThemeREX
Product: EcoBlue
Published: Jun 17, 2026
Source: NVD
CVE-2026-22335 HIGH - 8.5

Subscriber SQL Injection in WooCommerce Frontend Manager โ€“ Ultimate < 6.7.7 versions.

Vendor: WC Lovers.
Product: WooCommerce Frontend Manager โ€“ Ultimate
Published: Jun 17, 2026
Source: NVD
CVE-2026-22334 HIGH - 7.5

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.

Vendor: WPos
Product: Woocommerce Book Price
Published: Jun 17, 2026
Source: NVD
CVE-2026-22332 CRITICAL - 9.3

Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.

Vendor: Themeum
Product: Tutor LMS Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-22331 HIGH - 8.1

Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.

Vendor: ThemeREX
Product: AutoParts
Published: Jun 17, 2026
Source: NVD
CVE-2026-22330 HIGH - 8.1

Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.

Vendor: Themeum
Product: Right Way
Published: Jun 17, 2026
Source: NVD
CVE-2026-22329 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.

Vendor: Themeum
Product: Skillate
Published: Jun 17, 2026
Source: NVD
CVE-2026-22328 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.

Vendor: VamTam
Product: Auto Repair
Published: Jun 17, 2026
Source: NVD
CVE-2026-22327 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.

Vendor: Zozothemes
Product: Restaurt
Published: Jun 17, 2026
Source: NVD
CVE-2026-22326 HIGH - 8.1

Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.

Vendor: AxiomThemes
Product: Reprizo
Published: Jun 17, 2026
Source: NVD
CVE-2026-22325 HIGH - 8.1

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.

Vendor: AxiomThemes
Product: Promo
Published: Jun 17, 2026
Source: NVD
CVE-2026-12491 MEDIUM - 4.8

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information...

Vendor: Red Hat
Product: Red Hat AI Inference Server, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat OpenShift AI (RHOAI)
Published: Jun 17, 2026
Source: NVD
CVE-2026-12469 MEDIUM - 4.3

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 17, 2026
Source: NVD