Total CVEs

138,574

Critical Severity

3,576

High Severity

12,840

Last 7 Days

2,055
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 881 - 900 of 34,979 CVEs
CVE-2026-40721 HIGH - 7.5

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

Vendor: BdThemes
Product: Element Pack Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39598 HIGH - 8.0

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

Vendor: Kodezen LLC
Product: Academy LMS Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39597 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Vendor: WPZOOM
Product: WPZOOM Addons for Elementor
Published: Jun 17, 2026
Source: NVD
CVE-2026-39596 CRITICAL - 9.3

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Vendor: Creative Themes
Product: Blocksy Companion Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39595 MEDIUM - 4.7

Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.

Vendor: BoldGrid
Product: W3 Total Cache
Published: Jun 17, 2026
Source: NVD
CVE-2026-39589 CRITICAL - 9.9

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Vendor: A WP Life
Product: Webenvo
Published: Jun 17, 2026
Source: NVD
CVE-2026-39582 HIGH - 8.1

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Vendor: xtemos
Product: Hitek
Published: Jun 17, 2026
Source: NVD
CVE-2026-39580 HIGH - 8.1

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Vendor: Select-Themes
Product: Micdrop
Published: Jun 17, 2026
Source: NVD
CVE-2026-39578 MEDIUM - 5.5

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Vendor: Elated-Themes
Product: Valiance
Published: Jun 17, 2026
Source: NVD
CVE-2026-39577 MEDIUM - 5.5

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Vendor: Elated-Themes
Product: Playroom
Published: Jun 17, 2026
Source: NVD
CVE-2026-39573 HIGH - 8.1

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Vendor: Select-Themes
Product: Mildhill
Published: Jun 17, 2026
Source: NVD
CVE-2026-39568 HIGH - 8.1

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Vendor: Elated-Themes
Product: Mr. SEO
Published: Jun 17, 2026
Source: NVD
CVE-2026-39567 HIGH - 8.1

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Vendor: Select-Themes
Product: Santé
Published: Jun 17, 2026
Source: NVD
CVE-2026-39558 HIGH - 8.1

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Vendor: Elated-Themes
Product: Malmö
Published: Jun 17, 2026
Source: NVD
CVE-2026-39557 HIGH - 8.1

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Vendor: Elated-Themes
Product: NeoBeat
Published: Jun 17, 2026
Source: NVD
CVE-2026-39554 HIGH - 8.1

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Vendor: Elated-Themes
Product: Fidalgo
Published: Jun 17, 2026
Source: NVD
CVE-2026-39549 HIGH - 8.1

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Vendor: Elated-Themes
Product: Aperitif
Published: Jun 17, 2026
Source: NVD
CVE-2026-39548 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Vendor: Sneeit
Product: MagOne
Published: Jun 17, 2026
Source: NVD
CVE-2026-39547 HIGH - 8.1

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Vendor: Select-Themes
Product: Getaway
Published: Jun 17, 2026
Source: NVD
CVE-2026-39546 HIGH - 7.6

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

Vendor: Techspawn
Product: MultiLoca
Published: Jun 17, 2026
Source: NVD