Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,755
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 10,821 - 10,840 of 38,432 CVEs
CVE-2026-45217 MEDIUM - 6.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7.

Vendor: ThemeHigh
Product: Stripe Payment Gateway for WooCommerce
Published: May 25, 2026
Source: NVD
CVE-2026-45216 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

Vendor: StoreApps
Product: Smart Manager
Published: May 25, 2026
Source: NVD
CVE-2026-45209 HIGH - 7.5

Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161.

Vendor: edward_plainview
Product: MyCryptoCheckout
Published: May 25, 2026
Source: NVD
CVE-2026-42776 MEDIUM - 6.3

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7.

Vendor: WP Sunshine
Product: Sunshine Photo Cart
Published: May 25, 2026
Source: NVD
CVE-2026-42774 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.

Vendor: Crocoblock
Product: JetEngine
Published: May 25, 2026
Source: NVD
CVE-2026-42773 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2.

Vendor: eMagicOne
Product: eMagicOne Store Manager
Published: May 25, 2026
Source: NVD
CVE-2026-42763 MEDIUM - 6.5

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20.

Vendor: SePay team
Product: SePay Gateway
Published: May 25, 2026
Source: NVD
CVE-2026-39436 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.

Vendor: bgermann
Product: CformsII
Published: May 25, 2026
Source: NVD
CVE-2026-32389 MEDIUM - 5.4

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2.

Vendor: Linethemes
Product: NanoCare
Published: May 25, 2026
Source: NVD
CVE-2026-24937 HIGH - 7.2

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.

Vendor: VideoWhisper.com
Product: Broadcast Live Video
Published: May 25, 2026
Source: NVD
CVE-2026-9511 MEDIUM - 6.3

A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The expl...

Published: May 25, 2026
Source: NVD
CVE-2026-9504 LOW - 3.3

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public ...

Published: May 25, 2026
Source: NVD
CVE-2026-27398 MEDIUM - 5.3

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16.

Vendor: WP Chill
Product: RSVP and Event Management
Published: May 25, 2026
Source: NVD
CVE-2026-27357 MEDIUM - 5.3

Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0.

Vendor: Cornel Raiu
Product: WP Search Analytics
Published: May 25, 2026
Source: NVD
CVE-2026-27346 MEDIUM - 4.9

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.

Vendor: Kings Plugins
Product: B2BKing
Published: May 25, 2026
Source: NVD
CVE-2026-24592 MEDIUM - 5.3

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3.

Vendor: Lucian Apostol
Product: Auto Affiliate Links
Published: May 25, 2026
Source: NVD
CVE-2026-24586 MEDIUM - 5.4

Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77.

Vendor: Themeansar
Product: Newses
Published: May 25, 2026
Source: NVD
CVE-2026-24582 MEDIUM - 4.3

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0.

Vendor: WPPOOL
Product: FlexTable
Published: May 25, 2026
Source: NVD
CVE-2026-24554 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1.

Vendor: Convers Lab
Product: WPSubscription
Published: May 25, 2026
Source: NVD
CVE-2026-24527 MEDIUM - 4.3

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0.

Vendor: Patterns in the cloud
Product: Autoship Cloud for WooCommerce Subscription Products
Published: May 25, 2026
Source: NVD