Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (336494 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-28105 2 Themerex, Wordpress 2 Good Energy, Wordpress 2026-03-06 9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7.
CVE-2026-28107 2 Themerex, Wordpress 2 Muzicon, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Muzicon muzicon allows PHP Local File Inclusion.This issue affects Muzicon: from n/a through <= 1.9.0.
CVE-2026-28108 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Banner With Thumbnails, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a through <= 3.8.
CVE-2026-28109 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Content Slider, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XSS.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8.
CVE-2026-28110 2 Lambertgroup, Wordpress 2 Lambertgroup - Allinone - Banner With Playlist, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8.
CVE-2026-28112 2 Lambertgroup, Wordpress 2 Allinone - Banner Rotator, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8.
CVE-2026-28113 2 Azzaroco, Wordpress 2 Ultimate Learning Pro, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.1.
CVE-2026-28114 2 Firassaidi, Wordpress 2 Woocommerce License Manager, Wordpress 2026-03-06 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through <= 7.0.6.
CVE-2026-28115 2 Loopus, Wordpress 2 Wp Attractive Donations System - Easy Stripe & Paypal Donations, Wordpress 2026-03-06 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
CVE-2026-28117 2 Axiomthemes, Wordpress 2 Smart Seo, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.9.
CVE-2026-28118 2 Axiomthemes, Wordpress 2 Welldone, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affects Welldone: from n/a through <= 2.4.
CVE-2026-28119 2 Axiomthemes, Wordpress 2 Nirvana, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6.
CVE-2026-28120 2 Themerex, Wordpress 2 Dr.patterson, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through <= 1.3.2.
CVE-2026-28121 2 Ancorathemes, Wordpress 2 Anderson, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through <= 1.4.2.
CVE-2026-28122 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.
CVE-2026-28123 2 Ancorathemes, Wordpress 2 Veil, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9.
CVE-2026-28124 2 Ancorathemes, Wordpress 2 Notarius, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through <= 1.9.
CVE-2026-28125 2 Ancorathemes, Wordpress 2 Midi, Wordpress 2026-03-06 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through <= 1.14.
CVE-2026-28126 2 Sizam, Wordpress 2 Rh Frontend Publishing Pro, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through <= 4.3.2.
CVE-2026-28127 2 E-plugins, Wordpress 2 Lawyer Directory, Wordpress 2026-03-06 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through <= 1.3.2.