Total CVEs

137,241

Critical Severity

3,307

High Severity

12,254

Last 7 Days

1,447
Quick preset (or use dates below)
Clear Filters
Showing 141 - 160 of 12,254 CVEs
CVE-2026-42384 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-40791 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.

Vendor: codepeople
Product: WP Time Slots Booking Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-40789 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-40788 HIGH - 7.1

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

Vendor: QuantumCloud
Product: ChatBot
Published: Jun 15, 2026
Source: NVD
CVE-2026-40787 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.

Vendor: ExpressTech
Product: Quiz And Survey Master
Published: Jun 15, 2026
Source: NVD
CVE-2026-40785 HIGH - 7.1

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.

Vendor: Ruben Garcia
Product: AutomatorWP
Published: Jun 15, 2026
Source: NVD
CVE-2026-40781 HIGH - 7.5

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

Vendor: ReviewX
Product: ReviewX
Published: Jun 15, 2026
Source: NVD
CVE-2026-40779 HIGH - 7.7

Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

Vendor: Yannick Lefebvre
Product: Link Library
Published: Jun 15, 2026
Source: NVD
CVE-2026-40776 HIGH - 7.5

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

Vendor: Arraytics
Product: WP Event SOlution
Published: Jun 15, 2026
Source: NVD
CVE-2026-40775 HIGH - 7.3

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.

Vendor: Royal Plugins
Product: Royal MCP
Published: Jun 15, 2026
Source: NVD
CVE-2026-40774 HIGH - 7.5

Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

Vendor: SaasProject
Product: Booking Package
Published: Jun 15, 2026
Source: NVD
CVE-2026-40770 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

Vendor: RelyWP
Product: Coupon Affiliates
Published: Jun 15, 2026
Source: NVD
CVE-2026-40769 HIGH - 8.6

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1.0.6 versions.

Vendor: Satinder Singh
Product: Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field
Published: Jun 15, 2026
Source: NVD
CVE-2026-40767 HIGH - 7.5

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-40766 HIGH - 8.5

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Vendor: StylemixThemes
Product: MasterStudy LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-40762 HIGH - 7.5

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Vendor: WPGraphQL
Product: WPGraphQL
Published: Jun 15, 2026
Source: NVD
CVE-2026-40741 HIGH - 7.5

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Vendor: Jose Conti
Product: Redsys for WooCommerce Light
Published: Jun 15, 2026
Source: NVD
CVE-2026-40732 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Vendor: rainafarai
Product: Notification for Telegram
Published: Jun 15, 2026
Source: NVD
CVE-2026-40727 HIGH - 7.7

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Vendor: Groundhogg
Product: Groundhogg
Published: Jun 15, 2026
Source: NVD
CVE-2026-39587 HIGH - 8.1

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Vendor: Hakan Ozevin
Product: WP BASE Booking
Published: Jun 15, 2026
Source: NVD