Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,933
Quick preset (or use dates below)
Clear Filters
Showing 8,401 - 8,420 of 13,708 CVEs
CVE-2026-27077 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2.

Vendor: Mikado-Themes
Product: MultiOffice
Published: Mar 25, 2026
Source: NVD
CVE-2026-27076 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: LuxeDrive
Published: Mar 25, 2026
Source: NVD
CVE-2026-27075 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: Belfort
Published: Mar 25, 2026
Source: NVD
CVE-2026-27073 HIGH - 7.5

Use of Hard-coded Credentials vulnerability in Addi Addi &#8211; Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi &#8211; Cuotas que se adaptan a ti: from n/a through <= 2.0.4.

Vendor: Addi
Product: Addi &#8211; Cuotas que se adaptan a ti
Published: Mar 25, 2026
Source: NVD
CVE-2026-27054 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through <= 1.3.1.

Vendor: PenciDesign
Product: Penci Soledad Data Migrator
Published: Mar 25, 2026
Source: NVD
CVE-2026-27048 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5.

Vendor: Elated-Themes
Product: The Aisle Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-27047 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6.

Vendor: Mikado-Themes
Product: Curly Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-27045 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2.

Vendor: sbthemes
Product: WooCommerce Infinite Scroll
Published: Mar 25, 2026
Source: NVD
CVE-2026-27040 HIGH - 8.8

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31.

Vendor: AA-Team
Product: WZone
Published: Mar 25, 2026
Source: NVD
CVE-2026-27039 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31.

Vendor: AA-Team
Product: WZone
Published: Mar 25, 2026
Source: NVD
CVE-2026-25464 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.3.

Vendor: TieLabs
Product: Jannah
Published: Mar 25, 2026
Source: NVD
CVE-2026-25461 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through <= 2.0.21.

Vendor: purethemes
Product: Listeo Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-25458 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through <= 2.2.

Vendor: Select-Themes
Product: Moments
Published: Mar 25, 2026
Source: NVD
CVE-2026-25457 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1.

Vendor: Select-Themes
Product: Mixtape
Published: Mar 25, 2026
Source: NVD
CVE-2026-25456 HIGH - 7.5

Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1...

Vendor: Aarsiv Groups
Product: Automated FedEx live/manual rates with shipping labels
Published: Mar 25, 2026
Source: NVD
CVE-2026-25452 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through <= 2.2.

Vendor: WPDO
Product: Remoji
Published: Mar 25, 2026
Source: NVD
CVE-2026-25435 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36.

Vendor: wpdevart
Product: Booking calendar, Appointment Booking System
Published: Mar 25, 2026
Source: NVD
CVE-2026-25414 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18.

Vendor: iqonicdesign
Product: WPBookit Pro
Published: Mar 25, 2026
Source: NVD
CVE-2026-25406 HIGH - 8.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.

Vendor: Themeum
Product: Tutor LMS Pro
Published: Mar 25, 2026
Source: NVD
CVE-2026-25401 HIGH - 7.5

Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.

Vendor: Arni Cinco
Product: WPCargo Track & Trace
Published: Mar 25, 2026
Source: NVD