CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 16,913 CVEs

CVE ID	CVSS	Severity	KEV	Published
CVE-2026-23750 Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_S...	8.1	HIGH	—	2/26/2026
CVE-2025-67957 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue...	8.1	HIGH	—	1/22/2026
CVE-2025-67616 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: ...	8.1	HIGH	—	1/22/2026
CVE-2025-67615 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour:...	8.1	HIGH	—	1/22/2026
CVE-2025-69004 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar all...	8.1	HIGH	—	1/22/2026
CVE-2025-69005 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This is...	8.1	HIGH	—	1/22/2026
CVE-2026-1529 A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lac...	8.1	HIGH	—	2/9/2026
CVE-2025-69037 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo...	8.1	HIGH	—	1/22/2026
CVE-2025-69038 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori...	8.1	HIGH	—	1/22/2026
CVE-2025-69039 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bai...	8.1	HIGH	—	1/22/2026
CVE-2025-69041 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dek...	8.1	HIGH	—	1/22/2026
CVE-2025-69057 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldo...	8.1	HIGH	—	1/22/2026
CVE-2025-69058 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue a...	8.1	HIGH	—	1/22/2026
CVE-2025-69059 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects D...	8.1	HIGH	—	1/22/2026
CVE-2025-69060 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects u...	8.1	HIGH	—	1/22/2026
CVE-2025-69061 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects M...	8.1	HIGH	—	1/22/2026
CVE-2025-69062 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Weedles weedles allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	1/22/2026
CVE-2025-69064 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	1/22/2026
CVE-2025-69065 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This is...	8.1	HIGH	—	1/22/2026
CVE-2025-69066 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion.This i...	8.1	HIGH	—	1/22/2026
CVE-2025-69067 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion.This issue affects Tai...	8.1	HIGH	—	1/22/2026
CVE-2025-69068 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion.This issue affects Muji:...	8.1	HIGH	—	1/22/2026
CVE-2025-69074 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.Thi...	8.1	HIGH	—	1/22/2026
CVE-2025-69075 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion.This issue affects Yol...	8.1	HIGH	—	1/22/2026
CVE-2025-69076 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.T...	8.1	HIGH	—	1/22/2026
CVE-2025-69077 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo:...	8.1	HIGH	—	1/22/2026
CVE-2025-69078 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Mal...	8.1	HIGH	—	1/22/2026
CVE-2025-69097 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9....	8.1	HIGH	—	1/22/2026
CVE-2026-26985 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to v...	8.1	HIGH	—	2/25/2026
CVE-2025-69100 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects No...	8.1	HIGH	—	1/22/2026
CVE-2026-22385 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects W...	8.1	HIGH	—	3/5/2026
CVE-2026-22429 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-25136 Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability w...	8.1	HIGH	—	2/25/2026
CVE-2026-25750 Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studi...	8.1	HIGH	—	3/4/2026
CVE-2026-24038 Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server re...	8.1	HIGH	—	1/22/2026
CVE-2026-22435 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ElectroServ electroserv allows PHP Local File Inclusion.This issue...	8.1	HIGH	—	3/5/2026
CVE-2026-22436 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects ...	8.1	HIGH	—	3/5/2026
CVE-2026-22437 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects Pla...	8.1	HIGH	—	3/5/2026
CVE-2026-22038 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT pla...	8.1	HIGH	—	2/4/2026
CVE-2026-22439 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This iss...	8.1	HIGH	—	3/5/2026
CVE-2026-22153 An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentl...	8.1	HIGH	—	2/10/2026
CVE-2026-22278 Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially e...	8.1	HIGH	—	1/22/2026
CVE-2026-25890 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the...	8.1	HIGH	—	2/9/2026
CVE-2026-22441 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-22442 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects Tr...	8.1	HIGH	—	3/5/2026
CVE-2026-22443 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Alliance alliance allows PHP Local File Inclusion.This issue affects A...	8.1	HIGH	—	3/5/2026
CVE-2026-22446 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-22449 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	3/5/2026
CVE-2026-21989 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high ...	8.1	HIGH	—	1/20/2026
CVE-2026-27334 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	3/5/2026

Page 80 of 339

Previous Next

This product uses data from the NVD API but is not endorsed or certified by the NVD.