Total CVEs

137,287

Critical Severity

3,310

High Severity

12,270

Last 7 Days

1,338
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 101 - 120 of 11,967 CVEs
CVE-2026-7273 HIGH - 8.8

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions throughΒ 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.

Published: Jun 16, 2026
Source: NVD
CVE-2026-12161 HIGH - 8.8

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted altern...

Vendor: Devolutions
Product: Remote Desktop Manager
Published: Jun 16, 2026
Source: NVD
CVE-2026-48723 HIGH - 7.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a sh...

Vendor: browserstack
Product: browserstack-cypress-cli
Published: Jun 15, 2026
Source: NVD
CVE-2026-52702 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Vendor: wp-buy
Product: SEO Redirection
Published: Jun 15, 2026
Source: NVD
CVE-2026-52700 HIGH - 8.5

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Vendor: WcMultishipping – Mondial Relay & Chronopost for Wooommerce
Product: WCMultiShipping
Published: Jun 15, 2026
Source: NVD
CVE-2026-52699 HIGH - 7.5

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Vendor: e4jvikwp
Product: VikRentCar
Published: Jun 15, 2026
Source: NVD
CVE-2026-52697 HIGH - 8.5

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Vendor: Taskbuilder
Product: Taskbuilder
Published: Jun 15, 2026
Source: NVD
CVE-2026-52695 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Vendor: Al Monsor
Product: ABC Crypto Checkout
Published: Jun 15, 2026
Source: NVD
CVE-2026-52694 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Vendor: WP E-Signature
Product: Signature Add-On for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-52692 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Vendor: wp.insider
Product: Affiliates Manager
Published: Jun 15, 2026
Source: NVD
CVE-2026-49780 HIGH - 8.8

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Vendor: Dokan, Inc.
Product: Dokan
Published: Jun 15, 2026
Source: NVD
CVE-2026-49112 HIGH - 7.5

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

Vendor: Tammersoft
Product: Shared Files
Published: Jun 15, 2026
Source: NVD
CVE-2026-49110 HIGH - 7.5

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Vendor: WP Swings
Product: Upsell Order Bump Offer for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-49083 HIGH - 7.5

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

Vendor: LatePoint
Product: LatePoint
Published: Jun 15, 2026
Source: NVD
CVE-2026-49082 HIGH - 7.4

Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.

Vendor: Chatway Live Chat
Product: Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons
Published: Jun 15, 2026
Source: NVD
CVE-2026-49078 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Vendor: WP Travel Engine
Product: WP Travel Engine
Published: Jun 15, 2026
Source: NVD
CVE-2026-49070 HIGH - 7.5

Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

Vendor: Knit Pay
Product: Knit Pay
Published: Jun 15, 2026
Source: NVD
CVE-2026-49068 HIGH - 7.5

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

Vendor: RelyWP
Product: Coupon Affiliates
Published: Jun 15, 2026
Source: NVD
CVE-2026-49066 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

Vendor: Conekta Group
Product: Conekta Payment Gateway
Published: Jun 15, 2026
Source: NVD
CVE-2026-49065 HIGH - 8.2

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

Vendor: hippooo
Product: Hippoo Mobile App for WooCommerce
Published: Jun 15, 2026
Source: NVD