Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 16,988 CVEs

CVE ID	CVSS	Severite	KEV	Publie
CVE-2026-2418 The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as a...	9.1	CRITICAL	—	3/5/2026
CVE-2026-29128 IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The config...	10.0	CRITICAL	—	3/5/2026
CVE-2026-29053 Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in...	7.6	HIGH	—	3/5/2026
CVE-2026-29052 The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cros...	6.1	MEDIUM	—	3/5/2026
CVE-2026-28137 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects...	7.1	HIGH	—	3/5/2026
CVE-2026-28135 Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This is...	8.2	HIGH	—	3/5/2026
CVE-2026-28134 Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.	8.5	HIGH	—	3/5/2026
CVE-2026-28133 Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14.	8.5	HIGH	—	3/5/2026
CVE-2026-28130 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= ...	7.1	HIGH	—	3/5/2026
CVE-2026-28129 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This ...	8.1	HIGH	—	3/5/2026
CVE-2026-28128 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: ...	8.1	HIGH	—	3/5/2026
CVE-2026-28127 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directo...	7.1	HIGH	—	3/5/2026
CVE-2026-28126 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend P...	7.1	HIGH	—	3/5/2026
CVE-2026-28125 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi:...	8.1	HIGH	—	3/5/2026
CVE-2026-28124 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	3/5/2026
CVE-2026-28123 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil:...	8.1	HIGH	—	3/5/2026
CVE-2026-28122 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from...	7.1	HIGH	—	3/5/2026
CVE-2026-28121 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue...	8.1	HIGH	—	3/5/2026
CVE-2026-28120 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue a...	8.1	HIGH	—	3/5/2026
CVE-2026-28119 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nir-vana allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	3/5/2026
CVE-2026-28118 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-28117 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	3/5/2026
CVE-2026-28115 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSyste...	9.3	CRITICAL	—	3/5/2026
CVE-2026-28114 Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Lice...	9.1	CRITICAL	—	3/5/2026
CVE-2026-28113 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimat...	7.1	HIGH	—	3/5/2026
CVE-2026-28112 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue af...	7.1	HIGH	—	3/5/2026
CVE-2026-28110 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows R...	7.1	HIGH	—	3/5/2026
CVE-2026-28109 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XS...	7.1	HIGH	—	3/5/2026
CVE-2026-28108 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows R...	7.1	HIGH	—	3/5/2026
CVE-2026-28107 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Muzicon muzicon allows PHP Local File Inclusion.This issue affects Muz...	8.1	HIGH	—	3/5/2026
CVE-2026-28105 Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7.	9.8	CRITICAL	—	3/5/2026
CVE-2026-28104 Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a throu...	6.5	MEDIUM	—	3/5/2026
CVE-2026-28103 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows Reflected XSS.This issue affects LBG Z...	7.1	HIGH	—	3/5/2026
CVE-2026-28102 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Classic uberSlider_classic allows Reflected XSS.This issue affects UberSli...	7.1	HIGH	—	3/5/2026
CVE-2026-28101 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider MouseInteraction uberSlider_mouseinteraction allows Reflected XSS.This iss...	7.1	HIGH	—	3/5/2026
CVE-2026-28100 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlider_perpetuummobile allows Reflected XSS.This issue...	7.1	HIGH	—	3/5/2026
CVE-2026-28099 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra allows Reflected XSS.This issue affects UberSlider ...	7.1	HIGH	—	3/5/2026
CVE-2026-28098 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	3/5/2026
CVE-2026-28097 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Art...	8.1	HIGH	—	3/5/2026
CVE-2026-28096 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion.This issue affects W...	8.1	HIGH	—	3/5/2026
CVE-2026-28095 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Mar...	8.1	HIGH	—	3/5/2026
CVE-2026-28094 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects Rex...	8.1	HIGH	—	3/5/2026
CVE-2026-28093 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Ozist...	8.1	HIGH	—	3/5/2026
CVE-2026-28092 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion.This issue affects Sou...	8.1	HIGH	—	3/5/2026
CVE-2026-28091 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: ...	8.1	HIGH	—	3/5/2026
CVE-2026-28090 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects G...	8.1	HIGH	—	3/5/2026
CVE-2026-28089 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects D...	8.1	HIGH	—	3/5/2026
CVE-2026-28088 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects A...	8.1	HIGH	—	3/5/2026
CVE-2026-28087 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Filmax filmax allows PHP Local File Inclusion.This issue affects Filma...	8.1	HIGH	—	3/5/2026
CVE-2026-28086 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects R...	8.1	HIGH	—	3/5/2026

Page 224 de 340

Precedent Suivant

This product uses data from the NVD API but is not endorsed or certified by the NVD.