Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (336832 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23802 2 Jordy Meow, Wordpress 2 Ai-engine, Wordpress 2026-03-06 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through <= 3.3.2.
CVE-2026-24960 2 Wordpress, Zozothemes 2 Wordpress, Charety 2026-03-06 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through < 2.0.2.
CVE-2026-27097 2 Ancorathemes, Wordpress 2 Casamia | Property Rental Real Estate Wordpress Theme, Wordpress 2026-03-06 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Theme: from n/a through <= 1.1.2.
CVE-2026-27338 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-03-06 N/A
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7.
CVE-2026-27339 2 Ancorathemes, Wordpress 2 Buzz Stone | Magazine & Viral Blog Wordpress Theme, Wordpress 2026-03-06 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone | Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2.
CVE-2026-28559 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 5.3 Medium
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.
CVE-2026-27344 2 Inseriswiss, Wordpress 2 Inseri Core, Wordpress 2026-03-06 N/A
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5.
CVE-2026-27348 2 Themegoods, Wordpress 2 Photography, Wordpress 2026-03-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through <= 7.6.1.
CVE-2026-27353 2 Themegoods, Wordpress 2 Grand News, Wordpress 2026-03-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.
CVE-2026-27358 2 Themegoods, Wordpress 2 Architecturer, Wordpress 2026-03-06 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through <= 3.8.8.
CVE-2026-27361 2 Webcodingplace, Wordpress 2 Responsive Posts Carousel Pro, Wordpress 2026-03-06 N/A
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.
CVE-2026-28560 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbitrary script in all visitors' browsers.
CVE-2026-28561 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-03-06 5.5 Medium
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event handlers that execute when any user views the forum listing.
CVE-2026-28007 2 Themerex, Wordpress 2 Coinpress, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress allows PHP Local File Inclusion.This issue affects Coinpress: from n/a through <= 1.0.14.
CVE-2026-28010 2 Themerex, Wordpress 2 Scientia, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through <= 1.2.4.
CVE-2026-28012 2 Themerex, Wordpress 2 Gridiron, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through <= 1.0.14.
CVE-2026-28019 2 Themerex, Wordpress 2 Manoir, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through <= 1.11.
CVE-2026-28021 2 Themerex, Wordpress 2 Craftis, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Craftis craftis allows PHP Local File Inclusion.This issue affects Craftis: from n/a through <= 1.2.8.
CVE-2026-28023 2 Themerex, Wordpress 2 Nuts, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nuts nuts allows PHP Local File Inclusion.This issue affects Nuts: from n/a through <= 1.10.
CVE-2026-28025 2 Themerex, Wordpress 2 Stargaze, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Stargaze stargaze allows PHP Local File Inclusion.This issue affects Stargaze: from n/a through <= 1.5.