Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
Showing 8,481 - 8,500 of 13,729 CVEs
CVE-2026-24983 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through <= 8.41.

Vendor: UpSolution
Product: UpSolution Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-24981 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.

Vendor: NooTheme
Product: Visionary Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-24980 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.

Vendor: NooTheme
Product: Visionary Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-24979 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobica Core jobica-core allows Reflected XSS.This issue affects Jobica Core: from n/a through <= 1.4.1.

Vendor: NooTheme
Product: Jobica Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-24978 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection.This issue affects Jobica Core: from n/a through <= 1.4.1.

Vendor: NooTheme
Product: Jobica Core
Published: Mar 25, 2026
Source: NVD
CVE-2026-24977 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.

Vendor: NooTheme
Product: Organici Library
Published: Mar 25, 2026
Source: NVD
CVE-2026-24976 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.

Vendor: NooTheme
Product: Organici Library
Published: Mar 25, 2026
Source: NVD
CVE-2026-24975 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through <= 2.1.2.

Vendor: NooTheme
Product: Organici Library
Published: Mar 25, 2026
Source: NVD
CVE-2026-24974 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.

Vendor: NooTheme
Product: CitiLights
Published: Mar 25, 2026
Source: NVD
CVE-2026-24973 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through <= 3.7.1.

Vendor: NooTheme
Product: CitiLights
Published: Mar 25, 2026
Source: NVD
CVE-2026-24970 HIGH - 7.7

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.2.

Vendor: designingmedia
Product: Energox
Published: Mar 25, 2026
Source: NVD
CVE-2026-24969 HIGH - 7.7

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through <= 1.0.1.

Vendor: designingmedia
Product: Instant VA
Published: Mar 25, 2026
Source: NVD
CVE-2026-24391 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through <= 1.6.7.

Vendor: ThemeMakers
Product: Car Dealer
Published: Mar 25, 2026
Source: NVD
CVE-2026-24382 HIGH - 7.5

Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through <= 1.2.50.

Vendor: wproyal
Product: News Magazine X
Published: Mar 25, 2026
Source: NVD
CVE-2026-24373 HIGH - 8.1

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.

Vendor: Metagauss
Product: RegistrationMagic
Published: Mar 25, 2026
Source: NVD
CVE-2026-24372 HIGH - 7.5

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10.

Vendor: WP Swings
Product: Subscriptions for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-24369 HIGH - 7.1

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

Vendor: Theme-one
Product: The Grid
Published: Mar 25, 2026
Source: NVD
CVE-2026-24363 HIGH - 7.5

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.

Vendor: loopus
Product: WP Cost Estimation & Payment Forms Builder
Published: Mar 25, 2026
Source: NVD
CVE-2026-24359 HIGH - 8.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

Vendor: Dokan, Inc.
Product: Dokan
Published: Mar 25, 2026
Source: NVD
CVE-2026-23979 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through <= 2.2.1.

Vendor: Softwebmedia
Product: Gyan Elements
Published: Mar 25, 2026
Source: NVD