Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,933
Quick preset (or use dates below)
Clear Filters
Showing 8,381 - 8,400 of 13,708 CVEs
CVE-2026-32504 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8.

Vendor: CreativeWS
Product: VintWood
Published: Mar 25, 2026
Source: NVD
CVE-2026-32503 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4.

Vendor: CreativeWS
Product: Trendustry
Published: Mar 25, 2026
Source: NVD
CVE-2026-32501 HIGH - 7.1

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through <= 3.7.9.

Vendor: wp-configurator
Product: WP Configurator Pro
Published: Mar 25, 2026
Source: NVD
CVE-2026-32500 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4.

Vendor: CreativeWS
Product: MetaMax
Published: Mar 25, 2026
Source: NVD
CVE-2026-32498 HIGH - 7.5

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

Vendor: Metagauss
Product: RegistrationMagic
Published: Mar 25, 2026
Source: NVD
CVE-2026-32495 HIGH - 7.5

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0.

Vendor: Link Software LLC
Product: WP Terms Popup
Published: Mar 25, 2026
Source: NVD
CVE-2026-32494 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.

Vendor: Ays Pro
Product: Image Slider by Ays
Published: Mar 25, 2026
Source: NVD
CVE-2026-32488 HIGH - 8.1

Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.

Vendor: wpeverest
Product: User Registration
Published: Mar 25, 2026
Source: NVD
CVE-2026-32485 HIGH - 7.5

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8.

Vendor: weDevs
Product: WP User Frontend
Published: Mar 25, 2026
Source: NVD
CVE-2026-32484 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26.

Vendor: BoldGrid
Product: weForms
Published: Mar 25, 2026
Source: NVD
CVE-2026-32441 HIGH - 7.7

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9.

Vendor: WebToffee
Product: Comments Import & Export
Published: Mar 25, 2026
Source: NVD
CVE-2026-31921 HIGH - 8.2

Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2.

Vendor: Devteam HaywoodTech
Product: Product Rearrange for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-31913 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16.

Vendor: Whitebox-Studio
Product: Scape
Published: Mar 25, 2026
Source: NVD
CVE-2026-2995 HIGH - 7.7

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-27088 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through <= 2.9.

Vendor: G5Theme
Product: Darna Framework
Published: Mar 25, 2026
Source: NVD
CVE-2026-27087 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9.

Vendor: G5Theme
Product: Wolverine Framework
Published: Mar 25, 2026
Source: NVD
CVE-2026-27081 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4.

Vendor: Mikado-Themes
Product: Rosebud
Published: Mar 25, 2026
Source: NVD
CVE-2026-27080 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: Deston
Published: Mar 25, 2026
Source: NVD
CVE-2026-27079 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.

Vendor: Mikado-Themes
Product: Amfissa
Published: Mar 25, 2026
Source: NVD
CVE-2026-27078 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.

Vendor: Mikado-Themes
Product: Emaurri
Published: Mar 25, 2026
Source: NVD