Browse CVEs | Page 9 - CVEInfo.com

Total CVEs

136,978

Critical Severity

3,261

High Severity

12,146

Last 7 Days

1,826

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 161 - 180 of 33,383 CVEs

CVE-2026-40771 CRITICAL - 9.3

Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.

Vendor: Wasiliy Strecker

Product: Contest Gallery

Published: Jun 15, 2026

Source: NVD

CVE-2026-40770 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

Vendor: RelyWP

Product: Coupon Affiliates

Published: Jun 15, 2026

Source: NVD

CVE-2026-40769 HIGH - 8.6

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.

Vendor: Satinder Singh

Product: Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field

Published: Jun 15, 2026

Source: NVD

CVE-2026-40767 HIGH - 7.5

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Vendor: Tomdever

Product: wpForo Forum

Published: Jun 15, 2026

Source: NVD

CVE-2026-40766 HIGH - 8.5

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Vendor: StylemixThemes

Product: MasterStudy LMS

Published: Jun 15, 2026

Source: NVD

CVE-2026-40762 HIGH - 7.5

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Vendor: WPGraphQL

Product: WPGraphQL

Published: Jun 15, 2026

Source: NVD

CVE-2026-40743 MEDIUM - 6.5

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

Vendor: Themeum

Product: Tutor LMS

Published: Jun 15, 2026

Source: NVD

CVE-2026-40741 HIGH - 7.5

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Vendor: Jose Conti

Product: Redsys for WooCommerce Light

Published: Jun 15, 2026

Source: NVD

CVE-2026-40732 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Vendor: rainafarai

Product: Notification for Telegram

Published: Jun 15, 2026

Source: NVD

CVE-2026-40727 HIGH - 7.7

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Vendor: Groundhogg

Product: Groundhogg

Published: Jun 15, 2026

Source: NVD

CVE-2026-39594 MEDIUM - 6.4

Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

Vendor: Themefic

Product: Ultra Addons for WPForms

Published: Jun 15, 2026

Source: NVD

CVE-2026-39591 CRITICAL - 9.9

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Vendor: CMSJunkie – WordPress Business Directory Plugins

Product: WP-BusinessDirectory

Published: Jun 15, 2026

Source: NVD

CVE-2026-39587 HIGH - 8.1

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Vendor: Hakan Ozevin

Product: WP BASE Booking

Published: Jun 15, 2026

Source: NVD

CVE-2026-39584 MEDIUM - 6.5

Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.

Vendor: Webful Creations

Product: RepairBuddy

Published: Jun 15, 2026

Source: NVD

CVE-2026-39583 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

Vendor: Datalogics

Product: Datalogics Ecommerce Delivery

Published: Jun 15, 2026

Source: NVD

CVE-2026-39579 HIGH - 8.8

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

Vendor: bPlugins

Product: B Blocks

Published: Jun 15, 2026

Source: NVD

CVE-2026-39540 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.

Vendor: Amit Mittal

Product: Shipment Tracker for Woocommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-39534 HIGH - 7.5

Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

Vendor: Wp Directory Kit

Product: WP Directory Kit

Published: Jun 15, 2026

Source: NVD

CVE-2026-39533 HIGH - 7.5

Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

Vendor: WPTasty

Product: AWP Classifieds

Published: Jun 15, 2026

Source: NVD

CVE-2026-39532 HIGH - 8.8

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Vendor: Stiofan

Product: Events Calendar for GeoDirectory

Published: Jun 15, 2026

Source: NVD

« Previous 7 8 9 10 11 Next »