Total CVEs

139,442

Critical Severity

3,643

High Severity

13,079

Last 7 Days

1,400
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 1,581 - 1,600 of 35,847 CVEs
CVE-2026-54809 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.

Vendor: VillaTheme
Product: GIFT4U
Published: Jun 17, 2026
Source: NVD
CVE-2026-54808 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.

Vendor: WP Travel
Product: WP Travel Gutenberg Blocks
Published: Jun 17, 2026
Source: NVD
CVE-2026-54417 HIGH - 7.5

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof...

Vendor: rxi
Product: microtar
Published: Jun 17, 2026
Source: NVD
CVE-2026-54193 HIGH - 7.7

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Jun 17, 2026
Source: NVD
CVE-2026-52716 MEDIUM - 6.5

Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

Vendor: purethemes
Product: WorkScout-Core
Published: Jun 17, 2026
Source: NVD
CVE-2026-52707 HIGH - 8.1

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Vendor: Mikado-Themes
Product: Kastell
Published: Jun 17, 2026
Source: NVD
CVE-2026-49268 CRITICAL - 9.1

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the...

Vendor: Apache Software Foundation
Product: Apache Shiro
Published: Jun 17, 2026
Source: NVD
CVE-2026-49108 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

Vendor: park_of_ideas
Product: Moderno
Published: Jun 17, 2026
Source: NVD
CVE-2026-40757 HIGH - 8.1

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Vendor: Mikado-Themes
Product: Château
Published: Jun 17, 2026
Source: NVD
CVE-2026-40756 HIGH - 8.1

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Vendor: Mikado-Themes
Product: Zoya
Published: Jun 17, 2026
Source: NVD
CVE-2026-40752 HIGH - 8.1

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Vendor: Select-Themes
Product: Manufaktur Solutions
Published: Jun 17, 2026
Source: NVD
CVE-2026-40738 HIGH - 8.1

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Vendor: Edge-Themes
Product: Eldon
Published: Jun 17, 2026
Source: NVD
CVE-2026-40733 HIGH - 8.1

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Vendor: Mikado-Themes
Product: ShiftUp
Published: Jun 17, 2026
Source: NVD
CVE-2026-40720 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Vendor: Royal Elementor Addons
Product: Royal Elementor Addons Pro
Published: Jun 17, 2026
Source: NVD
CVE-2026-39590 HIGH - 8.1

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Vendor: ThemeMove
Product: Atomlab
Published: Jun 17, 2026
Source: NVD
CVE-2026-39576 HIGH - 8.1

Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

Vendor: Elated-Themes
Product: SingleMalt
Published: Jun 17, 2026
Source: NVD
CVE-2026-39560 HIGH - 8.1

Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.

Vendor: Select-Themes
Product: Hiroshi
Published: Jun 17, 2026
Source: NVD
CVE-2026-39559 HIGH - 8.1

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

Vendor: codesupplyco
Product: Uppercase
Published: Jun 17, 2026
Source: NVD
CVE-2026-39556 HIGH - 8.1

Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.

Vendor: Elated-Themes
Product: Konsept
Published: Jun 17, 2026
Source: NVD
CVE-2026-39523 HIGH - 8.1

Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.

Vendor: Elated-Themes
Product: Solene Core
Published: Jun 17, 2026
Source: NVD