Browse CVEs | HIGH Severity | Page 7

Total CVEs

137,266

Critical Severity

3,307

High Severity

12,261

Last 7 Days

1,325

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 121 - 140 of 11,958 CVEs

CVE-2026-48883 HIGH - 7.5

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Vendor: WPClever

Product: WPC Product Bundles for WooCommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-48882 HIGH - 8.5

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Vendor: codepeople

Product: WP Time Slots Booking Form

Published: Jun 15, 2026

Source: NVD

CVE-2026-48876 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Vendor: Web Guy

Product: Stop Spammers

Published: Jun 15, 2026

Source: NVD

CVE-2026-48874 HIGH - 8.5

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Vendor: Ruben Garcia

Product: GamiPress

Published: Jun 15, 2026

Source: NVD

CVE-2026-48873 HIGH - 7.5

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Vendor: Montonio

Product: Montonio for WooCommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-48872 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Vendor: WPDeveloper

Product: EmbedPress

Published: Jun 15, 2026

Source: NVD

CVE-2026-48871 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Vendor: Takashi Kitajima

Product: MW WP Form

Published: Jun 15, 2026

Source: NVD

CVE-2026-48868 HIGH - 7.5

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Vendor: mra13 / Team Tips and Tricks HQ

Product: Simple Shopping Cart

Published: Jun 15, 2026

Source: NVD

CVE-2026-48867 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Vendor: ExpressTech

Product: Quiz And Survey Master

Published: Jun 15, 2026

Source: NVD

CVE-2026-48838 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Vendor: WPExperts

Product: Post SMTP

Published: Jun 15, 2026

Source: NVD

CVE-2026-48835 HIGH - 7.5

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Vendor: Awesomemotive

Product: Contact Form by WPForms

Published: Jun 15, 2026

Source: NVD

CVE-2026-48708 HIGH - 7.5

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl....

Vendor: OliveTin

Product: OliveTin

Published: Jun 15, 2026

Source: NVD

CVE-2026-47825 HIGH - 8.6

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Sp...

Vendor: Spring

Product: Spring Cloud Gateway

Published: Jun 15, 2026

Source: NVD

CVE-2026-45441 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Vendor: Magepeople inc.

Product: WpEvently

Published: Jun 15, 2026

Source: NVD

CVE-2026-45437 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.

Vendor: Bhavin Thummar

Product: Product Filter Widget for Elementor

Published: Jun 15, 2026

Source: NVD

CVE-2026-42775 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

Vendor: Ruben Garcia

Product: AutomatorWP

Published: Jun 15, 2026

Source: NVD

CVE-2026-42687 HIGH - 8.1

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime

Product: EventPrime

Published: Jun 15, 2026

Source: NVD

CVE-2026-42686 HIGH - 7.1

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Vendor: EventPrime

Product: EventPrime

Published: Jun 15, 2026

Source: NVD

CVE-2026-42668 HIGH - 7.5

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Vendor: Omnisend

Product: Email Marketing for WooCommerce by Omnisend

Published: Jun 15, 2026

Source: NVD

CVE-2026-42667 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Vendor: Bookly

Product: Bookly

Published: Jun 15, 2026

Source: NVD

« Previous 5 6 7 8 9 Next »