Total CVEs

138,196

Critical Severity

3,545

High Severity

12,691

Last 7 Days

1,953
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,321 - 1,340 of 34,601 CVEs
CVE-2026-48518 MEDIUM - 4.3

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-juicer/api/teams/{team}/join) accepted requests with any Content-Type, including text/plain. Because th...

Vendor: juice-shop
Product: multi-juicer
Published: Jun 15, 2026
Source: NVD
CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run loca...

Vendor: cursor
Product: cursor
Published: Jun 15, 2026
Source: NVD
CVE-2026-47825 HIGH - 8.6

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Sp...

Vendor: Spring
Product: Spring Cloud Gateway
Published: Jun 15, 2026
Source: NVD
CVE-2026-45441 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Vendor: Magepeople inc.
Product: WpEvently
Published: Jun 15, 2026
Source: NVD
CVE-2026-45439 CRITICAL - 9.3

Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.

Vendor: Realtyna
Product: Realtyna Organic IDX plugin
Published: Jun 15, 2026
Source: NVD
CVE-2026-45437 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.

Vendor: Bhavin Thummar
Product: Product Filter Widget for Elementor
Published: Jun 15, 2026
Source: NVD
CVE-2026-42775 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

Vendor: Ruben Garcia
Product: AutomatorWP
Published: Jun 15, 2026
Source: NVD
CVE-2026-42752 MEDIUM - 6.5

Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.

Vendor: mra13 / Team Tips and Tricks HQ
Product: Stripe Payments
Published: Jun 15, 2026
Source: NVD
CVE-2026-42743 MEDIUM - 6.5

Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.

Vendor: ThemeGrill
Product: Masteriyo - LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-42688 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-42687 HIGH - 8.1

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-42686 HIGH - 7.1

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-42668 HIGH - 7.5

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Vendor: Omnisend
Product: Email Marketing for WooCommerce by Omnisend
Published: Jun 15, 2026
Source: NVD
CVE-2026-42667 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Vendor: Bookly
Product: Bookly
Published: Jun 15, 2026
Source: NVD
CVE-2026-42666 HIGH - 7.5

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

Vendor: Dimitri Grassi
Product: Salon booking system
Published: Jun 15, 2026
Source: NVD
CVE-2026-42665 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.

Vendor: Passionate Programmer Peter
Product: WP Data Access
Published: Jun 15, 2026
Source: NVD
CVE-2026-42664 HIGH - 8.2

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.

Vendor: Motive Commerce Search
Product: AI Product Search for WooCommerce &#8211; Motive Commerce Search
Published: Jun 15, 2026
Source: NVD
CVE-2026-42663 MEDIUM - 6.5

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

Vendor: wp.insider
Product: Simple Membership
Published: Jun 15, 2026
Source: NVD
CVE-2026-42662 MEDIUM - 6.5

Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

Vendor: Liquid Web / StellarWP
Product: Event Tickets
Published: Jun 15, 2026
Source: NVD
CVE-2026-42661 HIGH - 8.8

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Vendor: aguilatechnologies
Product: WP Customer Area
Published: Jun 15, 2026
Source: NVD