Total CVEs

138,196

Critical Severity

3,545

High Severity

12,691

Last 7 Days

1,972
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,401 - 1,420 of 34,601 CVEs
CVE-2026-39525 MEDIUM - 6.5

Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.

Vendor: Booking Activities Team
Product: Booking Activities
Published: Jun 15, 2026
Source: NVD
CVE-2026-39524 HIGH - 7.5

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Vendor: ThemeGrill
Product: Masteriyo - LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-39519 CRITICAL - 9.3

Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.

Vendor: Ahmad
Product: GeekyBot
Published: Jun 15, 2026
Source: NVD
CVE-2026-39518 HIGH - 7.1

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-39515 MEDIUM - 6.5

Subscriber Broken Access Control in Motors < 1.4.107 versions.

Vendor: StylemixThemes
Product: Motors
Published: Jun 15, 2026
Source: NVD
CVE-2026-39514 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.

Vendor: Cozmoslabs
Product: Paid Member Subscriptions
Published: Jun 15, 2026
Source: NVD
CVE-2026-39513 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

Vendor: Easy Appointments
Product: Easy Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-39512 CRITICAL - 9.3

Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.

Vendor: Paolo
Product: GeoDirectory
Published: Jun 15, 2026
Source: NVD
CVE-2026-39511 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.

Vendor: Jacob N. Breetvelt
Product: WP Photo Album Plus
Published: Jun 15, 2026
Source: NVD
CVE-2026-39507 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Vendor: Themeisle
Product: Social Slider Feed
Published: Jun 15, 2026
Source: NVD
CVE-2026-39503 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

Vendor: Awesomemotive
Product: Easy Digital Downloads
Published: Jun 15, 2026
Source: NVD
CVE-2026-39502 CRITICAL - 9.3

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

Vendor: 10Web
Product: Form Maker by 10Web
Published: Jun 15, 2026
Source: NVD
CVE-2026-39499 HIGH - 7.2

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Vendor: Wombat Plugins
Product: Advanced Product Fields (Product Addons) for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-39498 HIGH - 7.2

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Vendor: Yeeaddons
Product: YayMail
Published: Jun 15, 2026
Source: NVD
CVE-2026-39493 CRITICAL - 9.3

Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-39492 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.

Vendor: Flipper Code โ€“ WordPress Development Company
Product: WP Maps
Published: Jun 15, 2026
Source: NVD
CVE-2026-39491 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.

Vendor: artbees
Product: JupiterX Core
Published: Jun 15, 2026
Source: NVD
CVE-2026-39489 MEDIUM - 4.4

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

Vendor: WP Chill
Product: Download Monitor
Published: Jun 15, 2026
Source: NVD
CVE-2026-39481 HIGH - 7.2

Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-39480 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.

Vendor: Inisev
Product: Backup Migration
Published: Jun 15, 2026
Source: NVD