Export limit exceeded: 336257 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336257 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336257 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27335 | 2026-03-05 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: from n/a through <= 1.0.0. | ||||
| CVE-2026-27338 | 2026-03-05 | N/A | ||
| Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7. | ||||
| CVE-2026-27336 | 2026-03-05 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting & Legal Counsel WordPress Theme: from n/a through <= 1.2.4. | ||||
| CVE-2026-27339 | 2026-03-05 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone | Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2. | ||||
| CVE-2026-27348 | 2026-03-05 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through <= 7.6.1. | ||||
| CVE-2026-27362 | 2026-03-05 | N/A | ||
| Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6. | ||||
| CVE-2026-27363 | 2026-03-05 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6. | ||||
| CVE-2026-27367 | 2026-03-05 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4. | ||||
| CVE-2026-27381 | 2026-03-05 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15. | ||||
| CVE-2026-27384 | 2026-03-05 | N/A | ||
| Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | ||||
| CVE-2026-27386 | 2026-03-05 | N/A | ||
| Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8. | ||||
| CVE-2026-27382 | 2026-03-05 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2026-27389 | 2026-03-05 | N/A | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27439 | 2026-03-05 | N/A | ||
| Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5. | ||||
| CVE-2025-68553 | 2026-03-05 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through < 2.0.1. | ||||
| CVE-2025-70221 | 1 Dlink | 1 Dir-513 | 2026-03-05 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. | ||||
| CVE-2025-70222 | 1 Dlink | 1 Dir-513 | 2026-03-05 | 9.8 Critical |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. | ||||
| CVE-2026-22040 | 1 Nanomq | 1 Nanomq | 2026-03-05 | 5.3 Medium |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available. | ||||
| CVE-2026-27803 | 1 Dani-garcia | 1 Vaultwarden | 2026-03-05 | 8.3 High |
| Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4. | ||||
| CVE-2025-46108 | 1 Dlink | 1 Dir-513 | 2026-03-05 | 9.8 Critical |
| D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. | ||||