Search

Search Results (365171 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57800 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.5.
CVE-2026-57798 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through <= 4.2.0.
CVE-2026-57796 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through <= 3.0.0.
CVE-2026-57794 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through <= 1.7.3.
CVE-2026-57792 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.1.
CVE-2026-57788 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through <= 1.8.
CVE-2026-57786 2026-07-13 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through <= 1.7.08.
CVE-2026-57783 2026-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through <= 4.1.13.
CVE-2026-57782 2026-07-13 5.3 Medium
Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through <= 1.2.0.
CVE-2026-57780 2026-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through <= 0.22.
CVE-2026-57778 2026-07-13 5.3 Medium
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36.
CVE-2026-57776 2026-07-13 5.3 Medium
Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7.
CVE-2026-57774 2026-07-13 5.3 Medium
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0.
CVE-2026-57770 2026-07-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through <= 5.7.8.
CVE-2026-57739 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0.
CVE-2026-57740 2026-07-13 7.1 High
Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1.
CVE-2026-57733 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through <= 3.9.4.
CVE-2026-57729 2026-07-13 7.5 High
Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.20.5.
CVE-2026-57725 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.
CVE-2026-57728 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <= 3.20.5.