CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-49063
7.3 HIGH

Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

Jun 15, 2026
CVE-2026-49061
7.5 HIGH

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Jun 15, 2026
CVE-2026-49056
7.5 HIGH

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

Jun 15, 2026
CVE-2026-49055
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Jun 15, 2026
CVE-2026-49043
4.7 MEDIUM

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.

Jun 15, 2026
CVE-2026-48970
8.1 HIGH

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Jun 15, 2026
CVE-2026-48966
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Jun 15, 2026
CVE-2026-48965
6.5 MEDIUM

Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.

Jun 15, 2026
CVE-2026-48964
8.5 HIGH

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Jun 15, 2026
CVE-2026-48889
8.8 HIGH

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Jun 15, 2026
CVE-2026-48887
6.5 MEDIUM

Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.

Jun 15, 2026
CVE-2026-48886
9.3 CRITICAL

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Jun 15, 2026
CVE-2026-48885
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Jun 15, 2026
CVE-2026-48883
7.5 HIGH

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Jun 15, 2026
CVE-2026-48882
8.5 HIGH

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Jun 15, 2026
CVE-2026-48881
9.1 CRITICAL

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

Jun 15, 2026
CVE-2026-48880
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Jun 15, 2026
CVE-2026-48878
6.5 MEDIUM

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Jun 15, 2026
CVE-2026-48876
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Jun 15, 2026
CVE-2026-48874
8.5 HIGH

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Jun 15, 2026
CVE-2026-48873
7.5 HIGH

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Jun 15, 2026
CVE-2026-48872
7.5 HIGH

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Jun 15, 2026
CVE-2026-48871
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Jun 15, 2026
CVE-2026-48870
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Jun 15, 2026
CVE-2026-48868
7.5 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Jun 15, 2026
CVE-2026-48867
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Jun 15, 2026
CVE-2026-48838
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Jun 15, 2026
CVE-2026-48836
10.0 CRITICAL

Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.

Jun 15, 2026
CVE-2026-48835
7.5 HIGH

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Jun 15, 2026
CVE-2026-48709
3.7 LOW

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform …

Jun 15, 2026
CVE-2026-48708
7.5 HIGH

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance …

Jun 15, 2026
CVE-2026-48518
4.3 MEDIUM

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, …

Jun 15, 2026
CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from …

Jun 15, 2026
CVE-2026-47825
8.6 HIGH

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway …

Jun 15, 2026
CVE-2026-47261
7.5 HIGH

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, …

Jun 15, 2026
CVE-2026-45441
7.5 HIGH

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Jun 15, 2026
CVE-2026-45439
9.3 CRITICAL

Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.

Jun 15, 2026
CVE-2026-45437
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.

Jun 15, 2026
CVE-2026-42775
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

Jun 15, 2026
CVE-2026-42752
6.5 MEDIUM

Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.

Jun 15, 2026
CVE-2026-42743
6.5 MEDIUM

Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.

Jun 15, 2026
CVE-2026-42688
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

Jun 15, 2026
CVE-2026-42687
8.1 HIGH

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Jun 15, 2026
CVE-2026-42686
7.1 HIGH

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Jun 15, 2026
CVE-2026-42668
7.5 HIGH

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Jun 15, 2026
CVE-2026-42667
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Jun 15, 2026
CVE-2026-42666
7.5 HIGH

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

Jun 15, 2026
CVE-2026-42665
9.3 CRITICAL

Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.

Jun 15, 2026
CVE-2026-42664
8.2 HIGH

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.

Jun 15, 2026
CVE-2026-42663
6.5 MEDIUM

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.