Total CVEs

138,574

Critical Severity

3,576

High Severity

12,840

Last 7 Days

2,055
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 861 - 880 of 34,979 CVEs
CVE-2026-40760 HIGH - 8.1

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Vendor: Edge-Themes
Product: Behold
Published: Jun 17, 2026
Source: NVD
CVE-2026-40759 HIGH - 8.1

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Vendor: Mikado-Themes
Product: Esmée
Published: Jun 17, 2026
Source: NVD
CVE-2026-40758 HIGH - 8.1

Unauthenticated PHP Object Injection in LĂ©onie <= 1.2.1 versions.

Vendor: Elated-Themes
Product: LĂ©onie
Published: Jun 17, 2026
Source: NVD
CVE-2026-40755 HIGH - 8.1

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Vendor: Mikado-Themes
Product: TechLink
Published: Jun 17, 2026
Source: NVD
CVE-2026-40754 HIGH - 8.1

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Vendor: Elated-Themes
Product: Roisin
Published: Jun 17, 2026
Source: NVD
CVE-2026-40753 HIGH - 8.1

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Vendor: Mikado-Themes
Product: EasyMeals
Published: Jun 17, 2026
Source: NVD
CVE-2026-40751 HIGH - 8.1

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Vendor: Mikado-Themes
Product: Ashtanga
Published: Jun 17, 2026
Source: NVD
CVE-2026-40749 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Vendor: themagnifico52
Product: Charity Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40748 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Vendor: themagnifico52
Product: Kids Gift Shop
Published: Jun 17, 2026
Source: NVD
CVE-2026-40747 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Vendor: themagnifico52
Product: Ecommerce Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40746 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Vendor: themagnifico52
Product: Restaurant Zone
Published: Jun 17, 2026
Source: NVD
CVE-2026-40739 HIGH - 8.1

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Vendor: Mikado-Themes
Product: LuxeDrive
Published: Jun 17, 2026
Source: NVD
CVE-2026-40736 HIGH - 8.1

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Vendor: Edge-Themes
Product: Laurits
Published: Jun 17, 2026
Source: NVD
CVE-2026-40735 HIGH - 8.1

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Vendor: Edge-Themes
Product: Reina
Published: Jun 17, 2026
Source: NVD
CVE-2026-40731 HIGH - 8.1

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Vendor: Mikado-Themes
Product: ChapterOne
Published: Jun 17, 2026
Source: NVD
CVE-2026-40726 HIGH - 8.2

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Vendor: ThemeGrill
Product: User Registration Stripe
Published: Jun 17, 2026
Source: NVD
CVE-2026-40725 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Vendor: Barn2 Media Ltd
Product: WooCommerce Product Filters
Published: Jun 17, 2026
Source: NVD
CVE-2026-40724 MEDIUM - 6.5

CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.

Vendor: Client Portal Ltd.
Product: Client Portal (Pro)
Published: Jun 17, 2026
Source: NVD
CVE-2026-40723 MEDIUM - 4.3

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.

Vendor: Bricks
Product: Bricks Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-40722 MEDIUM - 5.5

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.

Vendor: Yoast BV
Product: Yoast SEO Premium
Published: Jun 17, 2026
Source: NVD