Total CVEs

138,591

Critical Severity

3,578

High Severity

12,841

Last 7 Days

1,641
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 741 - 760 of 34,996 CVEs
CVE-2026-40738 HIGH - 8.1

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Vendor: Edge-Themes
Product: Eldon
Published: Jun 17, 2026
Source: NVD
CVE-2026-40733 HIGH - 8.1

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Vendor: Mikado-Themes
Product: ShiftUp
Published: Jun 17, 2026
Source: NVD
CVE-2026-40720 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Vendor: Royal Elementor Addons
Product: Royal Elementor Addons Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39590 HIGH - 8.1

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Vendor: ThemeMove
Product: Atomlab
Published: Jun 17, 2026
Source: NVD
CVE-2026-39576 HIGH - 8.1

Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

Vendor: Elated-Themes
Product: SingleMalt
Published: Jun 17, 2026
Source: NVD
CVE-2026-39560 HIGH - 8.1

Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.

Vendor: Select-Themes
Product: Hiroshi
Published: Jun 17, 2026
Source: NVD
CVE-2026-39559 HIGH - 8.1

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

Vendor: codesupplyco
Product: Uppercase
Published: Jun 17, 2026
Source: NVD
CVE-2026-39556 HIGH - 8.1

Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.

Vendor: Elated-Themes
Product: Konsept
Published: Jun 17, 2026
Source: NVD
CVE-2026-39523 HIGH - 8.1

Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.

Vendor: Elated-Themes
Product: Solene Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-39445 HIGH - 8.1

Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

Vendor: PressLayouts
Product: Alukas
Published: Jun 17, 2026
Source: NVD
CVE-2026-39442 HIGH - 8.1

Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.

Vendor: PressLayouts
Product: PressMart
Published: Jun 17, 2026
Source: NVD
CVE-2026-10641 HIGH - 7.1

Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cind_handle(), which assigns a per-entry ...

Vendor: zephyrproject
Product: zephyr
Published: Jun 17, 2026
Source: NVD
CVE-2025-69189 HIGH - 7.3

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.

Vendor: EMV
Product: JobBank
Published: Jun 17, 2026
Source: NVD
CVE-2025-69175 HIGH - 8.1

Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.

Vendor: ThemeREX
Product: Line Agency
Published: Jun 17, 2026
Source: NVD
CVE-2025-69174 HIGH - 8.1

Unauthenticated Local File Inclusion in Etude <= 1.6 versions.

Vendor: ThemeREX
Product: Etude
Published: Jun 17, 2026
Source: NVD
CVE-2025-69170 HIGH - 8.1

Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.

Vendor: ThemeREX
Product: Eventicity
Published: Jun 17, 2026
Source: NVD
CVE-2025-69166 HIGH - 8.1

Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.

Vendor: ThemeREX
Product: Gunslinger
Published: Jun 17, 2026
Source: NVD
CVE-2025-69164 HIGH - 8.1

Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.

Vendor: ThemeREX
Product: Skyward
Published: Jun 17, 2026
Source: NVD
CVE-2025-69158 HIGH - 8.1

Unauthenticated Local File Inclusion in Granola <= 1.13 versions.

Vendor: ThemeREX
Product: Granola
Published: Jun 17, 2026
Source: NVD
CVE-2025-69157 HIGH - 8.1

Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.

Vendor: ThemeREX
Product: Gamic
Published: Jun 17, 2026
Source: NVD