Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,743
Quick preset (or use dates below)
Clear Filters
Showing 10,541 - 10,560 of 14,108 CVEs
CVE-2026-22408 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affects Justicia: from n/a through <= 1.2.

Vendor: Mikado-Themes
Product: Justicia
Published: Mar 05, 2026
Source: NVD
CVE-2026-22405 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Overton overton allows PHP Local File Inclusion.This issue affects Overton: from n/a through <= 1.3.

Vendor: Mikado-Themes
Product: Overton
Published: Mar 05, 2026
Source: NVD
CVE-2026-22403 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Innovio
Published: Mar 05, 2026
Source: NVD
CVE-2026-22399 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Holmes
Published: Mar 05, 2026
Source: NVD
CVE-2026-22397 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through <= 2.0.

Vendor: Mikado-Themes
Product: Fleur
Published: Mar 05, 2026
Source: NVD
CVE-2026-22395 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fiorello fiorello allows PHP Local File Inclusion.This issue affects Fiorello: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: Fiorello
Published: Mar 05, 2026
Source: NVD
CVE-2026-22394 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently allows PHP Local File Inclusion.This issue affects Evently: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Evently
Published: Mar 05, 2026
Source: NVD
CVE-2026-22392 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cortex cortex allows PHP Local File Inclusion.This issue affects Cortex: from n/a through <= 1.5.

Vendor: Mikado-Themes
Product: Cortex
Published: Mar 05, 2026
Source: NVD
CVE-2026-22389 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 1.5.1.

Vendor: Mikado-Themes
Product: Cocco
Published: Mar 05, 2026
Source: NVD
CVE-2026-22387 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through <= 2.1.

Vendor: Mikado-Themes
Product: Aviana
Published: Mar 05, 2026
Source: NVD
CVE-2026-22385 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through <= 1.9.6.

Vendor: don-themes
Product: Wolmart
Published: Mar 05, 2026
Source: NVD
CVE-2025-69411 HIGH - 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.

Vendor: Robert Seyfriedsberger
Product: ionCube tester plus
Published: Mar 05, 2026
Source: NVD
CVE-2025-69340 HIGH - 7.5

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.

Vendor: BuddhaThemes
Product: WeDesignTech Ultimate Booking Addon
Published: Mar 05, 2026
Source: NVD
CVE-2025-69339 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16.

Vendor: don-themes
Product: Molla
Published: Mar 05, 2026
Source: NVD
CVE-2025-69090 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4.

Vendor: ovatheme
Product: Remons
Published: Mar 05, 2026
Source: NVD
CVE-2025-53335 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through <= 1.1.1.

Vendor: ThemeREX
Product: Berger
Published: Mar 05, 2026
Source: NVD
CVE-2026-2365 HIGH - 7.2

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce verifi...

Published: Mar 05, 2026
Source: NVD
CVE-2026-29127 HIGH - 7.8

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depend...

Vendor: International Datacasting Corporation
Product: SFX2100 Satellite Receiver
Published: Mar 05, 2026
Source: NVD
CVE-2026-26034 HIGH - 7.8

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.

Vendor: Dell Inc.
Product: UPS Multi-UPS Management Console (MUMC)
Published: Mar 05, 2026
Source: NVD
CVE-2026-29126 HIGH - 7.8

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modi...

Vendor: International Datacasting Corporation
Product: SFX2100 Satellite Receiver
Published: Mar 05, 2026
Source: NVD