Total CVEs

136,968

Critical Severity

3,261

High Severity

12,143

Last 7 Days

1,831
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 121 - 140 of 33,373 CVEs
CVE-2026-42649 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Vendor: Archetyped
Product: Favicon Rotator
Published: Jun 15, 2026
Source: NVD
CVE-2026-42640 MEDIUM - 6.5

Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

Vendor: Mamunur Rashid
Product: Classified Listing
Published: Jun 15, 2026
Source: NVD
CVE-2026-42639 CRITICAL - 9.3

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.

Vendor: Dev4Press
Product: GD Rating System
Published: Jun 15, 2026
Source: NVD
CVE-2026-42411 HIGH - 8.1

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Vendor: XServer
Product: CloudSecure WP Security
Published: Jun 15, 2026
Source: NVD
CVE-2026-42386 CRITICAL - 9.3

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.

Vendor: tychesoftwares
Product: Order Delivery Date for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-42384 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-42381 CRITICAL - 9.3

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

Vendor: FunnelKit
Product: Funnel Builder by FunnelKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-42378 MEDIUM - 6.5

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Vendor: Themeisle
Product: WP Full Stripe Free
Published: Jun 15, 2026
Source: NVD
CVE-2026-41556 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

Vendor: properfraction
Product: ProfilePress
Published: Jun 15, 2026
Source: NVD
CVE-2026-40799 MEDIUM - 5.3

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Vendor: RelyWP
Product: Simple Cloudflare Turnstile
Published: Jun 15, 2026
Source: NVD
CVE-2026-40798 CRITICAL - 9.3

Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-40796 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.

Vendor: ollybach
Product: WPPizza
Published: Jun 15, 2026
Source: NVD
CVE-2026-40795 MEDIUM - 6.5

Subscriber Broken Access Control in Amelia <= 2.2 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-40794 MEDIUM - 6.5

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

Vendor: myCred
Product: myCred
Published: Jun 15, 2026
Source: NVD
CVE-2026-40793 MEDIUM - 6.5

Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

Vendor: Groundhogg
Product: Groundhogg
Published: Jun 15, 2026
Source: NVD
CVE-2026-40792 MEDIUM - 6.3

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

Vendor: Iqonic Design
Product: KiviCare
Published: Jun 15, 2026
Source: NVD
CVE-2026-40791 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.

Vendor: codepeople
Product: WP Time Slots Booking Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-40790 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

Vendor: VeronaLabs
Product: WP SMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-40789 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-40788 HIGH - 7.1

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

Vendor: QuantumCloud
Product: ChatBot
Published: Jun 15, 2026
Source: NVD