CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 16,837 CVEs

CVE ID	CVSS	Severity	KEV	Published
CVE-2026-24370 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8....	6.5	MEDIUM	—	3/25/2026
CVE-2026-24369 Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.	7.1	HIGH	—	3/25/2026
CVE-2026-24364 Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a th...	6.5	MEDIUM	—	3/25/2026
CVE-2026-24363 Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects W...	7.5	HIGH	—	3/25/2026
CVE-2026-24362 Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n...	6.4	MEDIUM	—	3/25/2026
CVE-2026-24359 Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.	8.8	HIGH	—	3/25/2026
CVE-2026-23979 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: fr...	7.1	HIGH	—	3/25/2026
CVE-2026-23977 Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L...	7.5	HIGH	—	3/25/2026
CVE-2026-23973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.	7.1	HIGH	—	3/25/2026
CVE-2026-23972 Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This...	6.5	MEDIUM	—	3/25/2026
CVE-2026-23971 Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8.	8.1	HIGH	—	3/25/2026
CVE-2026-23807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affect...	7.1	HIGH	—	3/25/2026
CVE-2026-23806 Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for Word...	7.5	HIGH	—	3/25/2026
CVE-2026-23636 Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due...	5.5	MEDIUM	—	3/25/2026
CVE-2026-23635 Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Crede...	6.5	MEDIUM	—	3/25/2026
CVE-2026-22524 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS.This issue affects Legacy Admin: from ...	7.1	HIGH	—	3/25/2026
CVE-2026-22523 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordP...	7.1	HIGH	—	3/25/2026
CVE-2026-22520 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework handmade-framework allows Reflected XSS.This issue affects Handmade Fra...	7.1	HIGH	—	3/25/2026
CVE-2026-22516 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This is...	8.1	HIGH	—	3/25/2026
CVE-2026-22515 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	3/25/2026
CVE-2026-22514 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Uni...	8.1	HIGH	—	3/25/2026
CVE-2026-22513 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	3/25/2026
CVE-2026-22512 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects ...	8.1	HIGH	—	3/25/2026
CVE-2026-22511 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/25/2026
CVE-2026-22510 Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3.	8.1	HIGH	—	3/25/2026
CVE-2026-22509 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gi...	8.1	HIGH	—	3/25/2026
CVE-2026-22508 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	3/25/2026
CVE-2026-22507 Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6.	9.8	CRITICAL	—	3/25/2026
CVE-2026-22506 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Am...	8.1	HIGH	—	3/25/2026
CVE-2026-22505 Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2.	8.1	HIGH	—	3/25/2026
CVE-2026-22504 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	3/25/2026
CVE-2026-22503 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelso...	8.1	HIGH	—	3/25/2026
CVE-2026-22502 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue ...	8.1	HIGH	—	3/25/2026
CVE-2026-22500 Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 \| Construction and Tools Store: from n/a through <=...	9.8	CRITICAL	—	3/25/2026
CVE-2026-22499 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Le...	8.1	HIGH	—	3/25/2026
CVE-2026-22498 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/25/2026
CVE-2026-22496 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This iss...	8.1	HIGH	—	3/25/2026
CVE-2026-22495 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue a...	8.1	HIGH	—	3/25/2026
CVE-2026-22494 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	3/25/2026
CVE-2026-22493 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/25/2026
CVE-2026-22491 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affec...	7.1	HIGH	—	3/25/2026
CVE-2026-22485 Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/...	6.5	MEDIUM	—	3/25/2026
CVE-2026-22484 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n...	9.3	CRITICAL	—	3/25/2026
CVE-2026-22480 Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a throu...	7.2	HIGH	—	3/25/2026
CVE-2026-22448 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through <=...	7.5	HIGH	—	3/25/2026
CVE-2026-20719 Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the ...	4.3	MEDIUM	—	3/25/2026
CVE-2026-1724 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API t...	6.8	MEDIUM	—	3/25/2026
CVE-2026-1712 Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.	N/A	NONE	—	3/25/2026
CVE-2025-69358 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: ...	7.5	HIGH	—	3/25/2026
CVE-2025-69347 Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS...	8.5	HIGH	—	3/25/2026

Page 81 of 337

Previous Next

This product uses data from the NVD API but is not endorsed or certified by the NVD.