Total CVEs

140,315

Critical Severity

3,712

High Severity

13,361

Last 7 Days

1,805
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,901 - 8,920 of 13,058 CVEs
CVE-2026-32426 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through < 1.4.7.

Vendor: themelexus
Product: Medilazar Core
Published: Mar 13, 2026
Source: NVD
CVE-2026-32422 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection. This issue affects WP EasyCart: from n/a through <= 5.8.13.

Vendor: levelfourdevelopment
Product: WP EasyCart
Published: Mar 13, 2026
Source: NVD
CVE-2026-32418 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.

Vendor: Jordy Meow
Product: Meow Gallery
Published: Mar 13, 2026
Source: NVD
CVE-2026-32414 HIGH - 7.2

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through <= 2.36.

Vendor: ILLID
Product: Advanced Woo Labels
Published: Mar 13, 2026
Source: NVD
CVE-2026-32401 HIGH - 7.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion. This issue affects Client Invoicing by Sprout Invoices: from n/a through <...

Vendor: BoldGrid
Product: Client Invoicing by Sprout Invoices
Published: Mar 13, 2026
Source: NVD
CVE-2026-32400 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7.

Vendor: ThemetechMount
Product: Boldman
Published: Mar 13, 2026
Source: NVD
CVE-2026-32399 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a through <= 3.32.

Vendor: David Lingren
Product: Media Library Assistant
Published: Mar 13, 2026
Source: NVD
CVE-2026-32393 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme Addons: from n/a through < 8.2.

Vendor: Creatives_Planet
Product: Greenly Theme Addons
Published: Mar 13, 2026
Source: NVD
CVE-2026-32392 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1.

Vendor: Creatives_Planet
Product: Greenly
Published: Mar 13, 2026
Source: NVD
CVE-2026-32384 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion. This issue affects WpBookingly: from n/a through <= 1.2.9.

Vendor: magepeopleteam
Product: WpBookingly
Published: Mar 13, 2026
Source: NVD
CVE-2026-32369 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion. This issue affects Medilink-Core: from n/a through < 2.0.7.

Vendor: RadiusTheme
Product: Medilink-Core
Published: Mar 13, 2026
Source: NVD
CVE-2026-32368 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19.

Vendor: delphiknight
Product: Geo to Lat
Published: Mar 13, 2026
Source: NVD
CVE-2026-32366 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9.

Vendor: robfelty
Product: Collapsing Categories
Published: Mar 13, 2026
Source: NVD
CVE-2026-32365 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7.

Vendor: robfelty
Product: Collapsing Archives
Published: Mar 13, 2026
Source: NVD
CVE-2026-32364 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a through < 4.0.8.

Vendor: redqteam
Product: Turbo Manager
Published: Mar 13, 2026
Source: NVD
CVE-2026-32358 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15.

Vendor: wpdevelop
Product: Booking Calendar
Published: Mar 13, 2026
Source: NVD
CVE-2026-32355 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1.

Vendor: Crocoblock
Product: JetEngine
Published: Mar 13, 2026
Source: NVD
CVE-2026-32308 HIGH - 7.6

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid dia...

Vendor: OneUptime
Product: oneuptime
Published: Mar 13, 2026
Source: NVD
CVE-2026-31944 HIGH - 7.6

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redirec...

Vendor: danny-avila
Product: LibreChat
Published: Mar 13, 2026
Source: NVD
CVE-2026-31922 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection. This issue affects Fox LMS: from n/a through <= 1.0.6.3.

Vendor: Ays Pro
Product: Fox LMS
Published: Mar 13, 2026
Source: NVD