Total CVEs

138,754

Critical Severity

3,601

High Severity

12,905

Last 7 Days

1,526
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,101 - 1,120 of 35,159 CVEs
CVE-2026-27870

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS)  payload into the 'Hostname' field of the c...

Vendor: Teldat
Product: Regesta Smart HD-PLC - TLDPH16D2
Published: Jun 17, 2026
Source: NVD
CVE-2026-27869

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smar...

Vendor: Teldat
Product: Regesta Smart HD-PLC - TLDPH16D2
Published: Jun 17, 2026
Source: NVD
CVE-2026-27868

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting i...

Vendor: Teldat
Product: Regesta Smart HD-PLC - TLDPH16D2
Published: Jun 17, 2026
Source: NVD
CVE-2026-27429 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Vendor: BoldThemes
Product: Nifty
Published: Jun 17, 2026
Source: NVD
CVE-2026-27410 MEDIUM - 6.5

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

Vendor: VeronaLabs
Product: Slimstat Analytics
Published: Jun 17, 2026
Source: NVD
CVE-2026-27400 HIGH - 8.6

Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.

Vendor: Ovatheme
Product: BookPro
Published: Jun 17, 2026
Source: NVD
CVE-2026-27395 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

Vendor: Schiocco
Product: Support Board
Published: Jun 17, 2026
Source: NVD
CVE-2026-27041 CRITICAL - 9.9

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.

Vendor: Studio Keren Aga LTD.
Product: Unlimited Elements for Elementor (Premium)
Published: Jun 17, 2026
Source: NVD
CVE-2026-25470 CRITICAL - 10.0

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.

Vendor: ACPT
Product: ACPT (Pro) - Custom Post Types Plugin for WordPress
Published: Jun 17, 2026
Source: NVD
CVE-2026-25446 CRITICAL - 9.9

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Vendor: WishList Products, LLC.
Product: WishList Member X
Published: Jun 17, 2026
Source: NVD
CVE-2026-25439 HIGH - 8.1

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.

Vendor: fs-code
Product: Booknetic
Published: Jun 17, 2026
Source: NVD
CVE-2026-24611 CRITICAL - 9.1

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Vendor: WPMet
Product: MetForm Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-24610 MEDIUM - 4.3

Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.

Vendor: WPMet
Product: MetForm Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-24575 MEDIUM - 4.3

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.

Vendor: WishList Member
Product: WishList Member X
Published: Jun 17, 2026
Source: NVD
CVE-2026-22343 HIGH - 8.6

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Vendor: PremiumPress Limited.
Product: WordPress Dating Theme
Published: Jun 17, 2026
Source: NVD
CVE-2026-22342 HIGH - 8.8

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Vendor: PremiumPress Limited.
Product: WordPress Dating Theme
Published: Jun 17, 2026
Source: NVD
CVE-2026-22340 CRITICAL - 9.3

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Vendor: Jobster Marketplace
Product: WPJobster
Published: Jun 17, 2026
Source: NVD
CVE-2026-22339 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Vendor: Jobster Marketplace
Product: WPJobster
Published: Jun 17, 2026
Source: NVD
CVE-2026-22338 HIGH - 8.1

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.

Vendor: ThemeREX
Product: EcoBlue
Published: Jun 17, 2026
Source: NVD
CVE-2026-22335 HIGH - 8.5

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.

Vendor: WC Lovers.
Product: WooCommerce Frontend Manager – Ultimate
Published: Jun 17, 2026
Source: NVD