Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
Showing 8,461 - 8,480 of 13,729 CVEs
CVE-2026-25350 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.

Vendor: skygroup
Product: Miti
Published: Mar 25, 2026
Source: NVD
CVE-2026-25349 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through < 1.5.2.

Vendor: skygroup
Product: Loobek
Published: Mar 25, 2026
Source: NVD
CVE-2026-25347 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through <= 2026.1.0.

Vendor: Acato
Product: WP REST Cache
Published: Mar 25, 2026
Source: NVD
CVE-2026-25346 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through <= 1.8.2.

Vendor: Ays Pro
Product: FAQ Builder AYS
Published: Mar 25, 2026
Source: NVD
CVE-2026-25342 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.

Vendor: kutethemes
Product: Boutique
Published: Mar 25, 2026
Source: NVD
CVE-2026-25341 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.

Vendor: RSJoomla!
Product: RSFirewall!
Published: Mar 25, 2026
Source: NVD
CVE-2026-25334 HIGH - 8.1

Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.

Vendor: wordpresschef
Product: Salon Booking System Pro
Published: Mar 25, 2026
Source: NVD
CVE-2026-25317 HIGH - 7.5

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5....

Vendor: tychesoftwares
Product: Print Invoice & Delivery Notes for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25309 HIGH - 7.5

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.

Vendor: PublishPress
Product: PublishPress Authors
Published: Mar 25, 2026
Source: NVD
CVE-2026-25306 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through <= 5.6.4.

Vendor: 8theme
Product: XStore Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-25304 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through < 1.4.8.

Vendor: skygroup
Product: Jaroti
Published: Mar 25, 2026
Source: NVD
CVE-2026-25033 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uixthemes Motta Addons motta-addons allows Reflected XSS.This issue affects Motta Addons: from n/a through < 1.6.1.

Vendor: uixthemes
Product: Motta Addons
Published: Mar 25, 2026
Source: NVD
CVE-2026-25026 HIGH - 7.5

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11.

Vendor: RadiusTheme
Product: Team
Published: Mar 25, 2026
Source: NVD
CVE-2026-25025 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS.This issue affects VikRestaurants: from n/a through <= 1.5.2.

Vendor: e4jvikwp
Product: VikRestaurants
Published: Mar 25, 2026
Source: NVD
CVE-2026-25018 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.

Vendor: stmcan
Product: NaturaLife Extensions
Published: Mar 25, 2026
Source: NVD
CVE-2026-25017 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through <= 2.1.

Vendor: stmcan
Product: NaturaLife Extensions
Published: Mar 25, 2026
Source: NVD
CVE-2026-25013 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through <= 2.0.8.

Vendor: WHMCSdes
Product: Phox Hosting
Published: Mar 25, 2026
Source: NVD
CVE-2026-25007 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through ...

Vendor: Element Invader
Product: ElementInvader Addons for Elementor
Published: Mar 25, 2026
Source: NVD
CVE-2026-25002 HIGH - 7.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress &#8211; Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress &#8211; Sepay Payment: from n/a through <= 4.0.0.

Vendor: ThimPress
Product: LearnPress &#8211; Sepay Payment
Published: Mar 25, 2026
Source: NVD
CVE-2026-25001 HIGH - 8.5

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12.

Vendor: Saad Iqbal
Product: Post Snippets
Published: Mar 25, 2026
Source: NVD