Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,747
Quick preset (or use dates below)
Clear Filters
Showing 10,461 - 10,480 of 14,108 CVEs
CVE-2026-27383 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13.

Vendor: RadiusTheme
Product: Metro
Published: Mar 05, 2026
Source: NVD
CVE-2026-27382 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.

Vendor: RadiusTheme
Product: Metro
Published: Mar 05, 2026
Source: NVD
CVE-2026-27381 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.

Vendor: thembay
Product: Aora
Published: Mar 05, 2026
Source: NVD
CVE-2026-27379 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7.

Vendor: NextScripts
Product: NextScripts
Published: Mar 05, 2026
Source: NVD
CVE-2026-27376 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.

Vendor: JanStudio
Product: Claue - Clean, Minimal Elementor WooCommerce Theme
Published: Mar 05, 2026
Source: NVD
CVE-2026-27375 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.

Vendor: JanStudio
Product: Gecko
Published: Mar 05, 2026
Source: NVD
CVE-2026-27374 HIGH - 7.5

Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1.

Vendor: vanquish
Product: WooCommerce Order Details
Published: Mar 05, 2026
Source: NVD
CVE-2026-27373 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a through <= 1.2.3.

Vendor: Essekia
Product: Tablesome
Published: Mar 05, 2026
Source: NVD
CVE-2026-27370 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1.

Vendor: Premio
Product: Chaty
Published: Mar 05, 2026
Source: NVD
CVE-2026-27369 HIGH - 8.1

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.

Vendor: BoldThemes
Product: Celeste
Published: Mar 05, 2026
Source: NVD
CVE-2026-27367 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4.

Vendor: ThemeGoods
Product: Musico
Published: Mar 05, 2026
Source: NVD
CVE-2026-27363 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.

Vendor: kamleshyadav
Product: WP Bakery Autoresponder Addon
Published: Mar 05, 2026
Source: NVD
CVE-2026-27361 HIGH - 7.5

Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.

Vendor: WebCodingPlace
Product: Responsive Posts Carousel Pro
Published: Mar 05, 2026
Source: NVD
CVE-2026-27359 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through <= 1.4.4.

Vendor: fox-themes
Product: Awa Plugins
Published: Mar 05, 2026
Source: NVD
CVE-2026-27358 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through <= 3.8.8.

Vendor: ThemeGoods
Product: Architecturer
Published: Mar 05, 2026
Source: NVD
CVE-2026-27353 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.

Vendor: ThemeGoods
Product: Grand News
Published: Mar 05, 2026
Source: NVD
CVE-2026-27352 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through <= 2.1.9.

Vendor: ThemeGoods
Product: Starto
Published: Mar 05, 2026
Source: NVD
CVE-2026-27348 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through <= 7.6.1.

Vendor: ThemeGoods
Product: Photography
Published: Mar 05, 2026
Source: NVD
CVE-2026-27342 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a throu...

Vendor: Mikado-Themes
Product: TopFit - Fitness and Gym WordPress Theme
Published: Mar 05, 2026
Source: NVD
CVE-2026-27341 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= ...

Vendor: Mikado-Themes
Product: TopScorer - Sports WordPress Theme
Published: Mar 05, 2026
Source: NVD