Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,948
Quick preset (or use dates below)
Clear Filters
Showing 8,361 - 8,380 of 13,708 CVEs
CVE-2026-32545 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through <= 1.1.4.

Vendor: Taboola
Product: Taboola Pixel
Published: Mar 25, 2026
Source: NVD
CVE-2026-32544 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS.This issue affects OOPSpam Anti-Spam: from n/a through <= 1.2.62.

Vendor: OOPSpam Team
Product: OOPSpam Anti-Spam
Published: Mar 25, 2026
Source: NVD
CVE-2026-32542 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through < 3.15.0.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Mar 25, 2026
Source: NVD
CVE-2026-32540 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects Bookly: from n/a through <= 26.7.

Vendor: Bookly
Product: Bookly
Published: Mar 25, 2026
Source: NVD
CVE-2026-32538 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

Vendor: Noor Alam
Product: SMTP Mailer
Published: Mar 25, 2026
Source: NVD
CVE-2026-32537 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: f...

Vendor: nK
Product: Visual Portfolio, Photo Gallery & Post Grid
Published: Mar 25, 2026
Source: NVD
CVE-2026-32534 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.

Vendor: JoomSky
Product: JS Help Desk
Published: Mar 25, 2026
Source: NVD
CVE-2026-32532 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1...

Vendor: ThemeHunk
Product: Contact Form & Lead Form Elementor Builder
Published: Mar 25, 2026
Source: NVD
CVE-2026-32531 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

Vendor: gavias
Product: Kunco
Published: Mar 25, 2026
Source: NVD
CVE-2026-32530 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.

Vendor: WPFunnels
Product: Creator LMS
Published: Mar 25, 2026
Source: NVD
CVE-2026-32529 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.

Vendor: don-themes
Product: Molla
Published: Mar 25, 2026
Source: NVD
CVE-2026-32528 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

Vendor: don-themes
Product: Riode
Published: Mar 25, 2026
Source: NVD
CVE-2026-32526 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10.

Vendor: VillaTheme
Product: Abandoned Cart Recovery for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-32522 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.

Vendor: vanquish
Product: WooCommerce Support Ticket System
Published: Mar 25, 2026
Source: NVD
CVE-2026-32518 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.

Vendor: imithemes
Product: Gaea
Published: Mar 25, 2026
Source: NVD
CVE-2026-32517 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through <= 9.1.

Vendor: Kleor
Product: Contact Manager
Published: Mar 25, 2026
Source: NVD
CVE-2026-32516 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.

Vendor: kamleshyadav
Product: Miraculous Core Plugin
Published: Mar 25, 2026
Source: NVD
CVE-2026-32515 HIGH - 7.5

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1.2.

Vendor: kamleshyadav
Product: Miraculous
Published: Mar 25, 2026
Source: NVD
CVE-2026-32513 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

Vendor: Miguel Useche
Product: JS Archive List
Published: Mar 25, 2026
Source: NVD
CVE-2026-32505 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8.

Vendor: CreativeWS
Product: Kiddy
Published: Mar 25, 2026
Source: NVD