Total CVEs

137,228

Critical Severity

3,305

High Severity

12,247

Last 7 Days

1,452
Quick preset (or use dates below)
Clear Filters
Showing 101 - 120 of 12,247 CVEs
CVE-2026-49055 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload โ€“ Contact Form 7 <= 1.3.9.7 versions.

Vendor: Glen Don Mongaya
Product: Drag and Drop Multiple File Upload โ€“ Contact Form 7
Published: Jun 15, 2026
Source: NVD
CVE-2026-48970 HIGH - 8.1

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Vendor: Really Simple Plugins
Product: Really Simple SSL
Published: Jun 15, 2026
Source: NVD
CVE-2026-48966 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Vendor: FunnelKit
Product: Funnel Builder by FunnelKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-48964 HIGH - 8.5

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Vendor: ELEXtensions
Product: ELEX WordPress HelpDesk & Customer Ticketing System
Published: Jun 15, 2026
Source: NVD
CVE-2026-48889 HIGH - 8.8

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-48885 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Vendor: Groundhogg
Product: HollerBox
Published: Jun 15, 2026
Source: NVD
CVE-2026-48883 HIGH - 7.5

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Vendor: WPClever
Product: WPC Product Bundles for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-48882 HIGH - 8.5

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Vendor: codepeople
Product: WP Time Slots Booking Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-48876 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Vendor: Web Guy
Product: Stop Spammers
Published: Jun 15, 2026
Source: NVD
CVE-2026-48874 HIGH - 8.5

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Vendor: Ruben Garcia
Product: GamiPress
Published: Jun 15, 2026
Source: NVD
CVE-2026-48873 HIGH - 7.5

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Vendor: Montonio
Product: Montonio for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-48872 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Vendor: WPDeveloper
Product: EmbedPress
Published: Jun 15, 2026
Source: NVD
CVE-2026-48871 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Vendor: Takashi Kitajima
Product: MW WP Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-48868 HIGH - 7.5

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Vendor: mra13 / Team Tips and Tricks HQ
Product: Simple Shopping Cart
Published: Jun 15, 2026
Source: NVD
CVE-2026-48867 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Vendor: ExpressTech
Product: Quiz And Survey Master
Published: Jun 15, 2026
Source: NVD
CVE-2026-48838 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Vendor: WPExperts
Product: Post SMTP
Published: Jun 15, 2026
Source: NVD
CVE-2026-48835 HIGH - 7.5

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Vendor: Awesomemotive
Product: Contact Form by WPForms
Published: Jun 15, 2026
Source: NVD
CVE-2026-48708 HIGH - 7.5

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl....

Vendor: OliveTin
Product: OliveTin
Published: Jun 15, 2026
Source: NVD
CVE-2026-47825 HIGH - 8.6

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Sp...

Vendor: Spring
Product: Spring Cloud Gateway
Published: Jun 15, 2026
Source: NVD
CVE-2026-45441 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Vendor: Magepeople inc.
Product: WpEvently
Published: Jun 15, 2026
Source: NVD