Total CVEs

138,940

Critical Severity

3,615

High Severity

12,982

Last 7 Days

1,046
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,161 - 1,180 of 35,345 CVEs
CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for...

Published: Jun 17, 2026
Source: NVD
CVE-2026-55706 MEDIUM - 5.8

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

Vendor: OpenBSD
Product: OpenBSD
Published: Jun 17, 2026
Source: NVD
CVE-2026-54811 CRITICAL - 9.3

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

Vendor: Tips and Tricks HQ
Product: WP eMember
Published: Jun 17, 2026
Source: NVD
CVE-2026-54807 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Vendor: ThemeGrill
Product: Registration Form for WooCommerce
Published: Jun 17, 2026
Source: NVD
CVE-2026-54806 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

Vendor: Melapress
Product: WP Activity Log
Published: Jun 17, 2026
Source: NVD
CVE-2026-54805 HIGH - 8.8

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Vendor: sbouey
Product: Falang multilanguage
Published: Jun 17, 2026
Source: NVD
CVE-2026-54804 HIGH - 7.6

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Vendor: melhorenvio
Product: Melhor Envio
Published: Jun 17, 2026
Source: NVD
CVE-2026-54803 CRITICAL - 9.8

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54802 HIGH - 7.5

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Vendor: Cozy Vision Technologies Pvt. Ltd.
Product: SMS Alert Order Notifications
Published: Jun 17, 2026
Source: NVD
CVE-2026-54196 MEDIUM - 6.8

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54195 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Vendor: Jetmonsters
Product: JetFormBuilder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54194 CRITICAL - 9.8

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-54192 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Vendor: Ays Pro
Product: Popup box
Published: Jun 17, 2026
Source: NVD
CVE-2026-54189 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54188 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54187 CRITICAL - 9.3

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

Vendor: Jetimpex Inc.
Product: JetEngine
Published: Jun 17, 2026
Source: NVD
CVE-2026-54186 CRITICAL - 9.3

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

Vendor: eyecix
Product: JobSearch
Published: Jun 17, 2026
Source: NVD
CVE-2026-54185 HIGH - 8.5

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Vendor: THEMECO
Product: Cornerstone
Published: Jun 17, 2026
Source: NVD
CVE-2026-54184 HIGH - 8.2

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Vendor: Alberto Hornero
Product: Clean Login
Published: Jun 17, 2026
Source: NVD
CVE-2026-53876 HIGH - 7.2

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.

Vendor: Micro-Star International Co., Ltd.
Product: RadiX AX6600 WiFi 6 Tri-Band Gaming Router
Published: Jun 17, 2026
Source: NVD