Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,901
Quick preset (or use dates below)
Clear Filters
Showing 8,421 - 8,440 of 13,708 CVEs
CVE-2026-25400 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.

Vendor: thememount
Product: Apicona
Published: Mar 25, 2026
Source: NVD
CVE-2026-25397 HIGH - 7.5

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.

Vendor: Snowray Software
Product: File Uploader for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25396 HIGH - 7.5

Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6.

Vendor: CoderPress
Product: Commerce Coinbase For WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25383 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through <= 3.6.16.

Vendor: Iqonic Design
Product: KiviCare
Published: Mar 25, 2026
Source: NVD
CVE-2026-25382 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6.

Vendor: jwsthemes
Product: IdealAuto
Published: Mar 25, 2026
Source: NVD
CVE-2026-25381 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes LoveDate lovedate allows PHP Local File Inclusion.This issue affects LoveDate: from n/a through < 3.8.6.

Vendor: jwsthemes
Product: LoveDate
Published: Mar 25, 2026
Source: NVD
CVE-2026-25380 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through < 2.1.5.

Vendor: jwsthemes
Product: Feedy
Published: Mar 25, 2026
Source: NVD
CVE-2026-25379 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through < 6.8.6.

Vendor: jwsthemes
Product: StreamVid
Published: Mar 25, 2026
Source: NVD
CVE-2026-25376 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.

Vendor: eyecix
Product: Addon Jobsearch Chat
Published: Mar 25, 2026
Source: NVD
CVE-2026-25373 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through < 6.8.

Vendor: ProgressionStudios
Product: Vayvo
Published: Mar 25, 2026
Source: NVD
CVE-2026-25361 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through <= 5.1.4.

Vendor: magepeopleteam
Product: WpEvently
Published: Mar 25, 2026
Source: NVD
CVE-2026-25360 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.

Vendor: rascals
Product: Vex
Published: Mar 25, 2026
Source: NVD
CVE-2026-25359 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.

Vendor: rascals
Product: Pendulum
Published: Mar 25, 2026
Source: NVD
CVE-2026-25358 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.

Vendor: rascals
Product: Meloo
Published: Mar 25, 2026
Source: NVD
CVE-2026-25357 HIGH - 8.1

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.

Vendor: azzaroco
Product: Ultimate Membership Pro
Published: Mar 25, 2026
Source: NVD
CVE-2026-25356 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.

Vendor: skygroup
Product: Yobazar
Published: Mar 25, 2026
Source: NVD
CVE-2026-25354 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.

Vendor: skygroup
Product: Reebox
Published: Mar 25, 2026
Source: NVD
CVE-2026-25353 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Nooni nooni allows Reflected XSS.This issue affects Nooni: from n/a through < 1.5.1.

Vendor: skygroup
Product: Nooni
Published: Mar 25, 2026
Source: NVD
CVE-2026-25352 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.9.

Vendor: skygroup
Product: MyDecor
Published: Mar 25, 2026
Source: NVD
CVE-2026-25351 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through < 1.7.7.

Vendor: skygroup
Product: MyMedi
Published: Mar 25, 2026
Source: NVD