Export limit exceeded: 336593 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336593 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28032 | 2 Themerex, Wordpress | 2 Tuning, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tuning tuning allows PHP Local File Inclusion.This issue affects Tuning: from n/a through <= 1.3. | ||||
| CVE-2026-28030 | 2 Themerex, Wordpress | 2 Bonbon, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through <= 1.6. | ||||
| CVE-2026-28028 | 2 Themerex, Wordpress | 2 Moneyflow, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through <= 1.0. | ||||
| CVE-2026-28026 | 2 Themerex, Wordpress | 2 Motorix, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Motorix motorix allows PHP Local File Inclusion.This issue affects Motorix: from n/a through <= 1.6. | ||||
| CVE-2026-28024 | 2 Axiomthemes, Wordpress | 2 Helion, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Helion helion allows PHP Local File Inclusion.This issue affects Helion: from n/a through <= 1.1.12. | ||||
| CVE-2026-28022 | 2 Themerex, Wordpress | 2 Foodie, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Foodie foodie allows PHP Local File Inclusion.This issue affects Foodie: from n/a through <= 1.14. | ||||
| CVE-2026-27998 | 2 Themerex, Wordpress | 2 Vixus, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vixus vixus allows PHP Local File Inclusion.This issue affects Vixus: from n/a through <= 1.0.16. | ||||
| CVE-2026-27996 | 2 Themerex, Wordpress | 2 Lingvico, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through <= 1.0.14. | ||||
| CVE-2026-27994 | 2 Themerex, Wordpress | 2 Tediss, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows PHP Local File Inclusion.This issue affects Tediss: from n/a through <= 1.2.4. | ||||
| CVE-2026-27354 | 2 Webcodingplace, Wordpress | 2 Woocommerce Coming Soon Product With Countdown, Wordpress | 2026-03-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows Stored XSS.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0. | ||||
| CVE-2026-27352 | 2 Themegoods, Wordpress | 2 Starto, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through <= 2.1.9. | ||||
| CVE-2026-27341 | 2 Mikado-themes, Wordpress | 2 Topscorer - Sports Wordpress Theme, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2. | ||||
| CVE-2026-26124 | 1 Microsoft | 2 Confidental Containers, Microsoft Aci Confidential Containers | 2026-03-06 | 6.7 Medium |
| '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-69654 | 2026-03-06 | N/A | ||
| A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Although the engine reports an OOM error, it subsequently aborts with SIGABRT because the GC object list is not fully released. This results in a denial of service. | ||||
| CVE-2022-37007 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2026-03-06 | 7.5 High |
| The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. | ||||
| CVE-2022-32148 | 2 Golang, Redhat | 19 Go, Acm, Application Interconnect and 16 more | 2026-03-06 | 6.5 Medium |
| Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | ||||
| CVE-2022-30629 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2026-03-06 | 3.1 Low |
| Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | ||||
| CVE-2022-2719 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2026-03-06 | 5.5 Medium |
| In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. | ||||
| CVE-2022-1962 | 2 Golang, Redhat | 16 Go, Acm, Application Interconnect and 13 more | 2026-03-06 | 5.5 Medium |
| Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | ||||
| CVE-2021-47778 | 1 Get-simple | 1 Getsimplecms | 2026-03-06 | 7.2 High |
| GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. | ||||