Total
336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22408 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affects Justicia: from n/a through <= 1.2.
|
|||||
| CVE-2026-27987 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through <= 2.12.
|
|||||
| CVE-2025-69339 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16.
|
|||||
| CVE-2025-66024 | 2026-03-05 | N/A | N/A | ||
|
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious JavaScript into the title field. This script will execute in the browser of any user (including administ ...
Show More |
|||||
| CVE-2026-22410 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affects Dolcino: from n/a through <= 1.6.
|
|||||
| CVE-2026-22385 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through <= 1.9.6.
|
|||||
| CVE-2026-23801 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through <= 1.6.11.
|
|||||
| CVE-2026-27982 | 2026-03-05 | N/A | 4.3 MEDIUM | ||
|
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
|
|||||
| CVE-2026-27361 | 2026-03-05 | N/A | N/A | ||
|
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.
|
|||||
| CVE-2026-23546 | 2026-03-05 | N/A | N/A | ||
|
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4.
|
|||||
| CVE-2026-22415 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through <= 1.1.
|
|||||
| CVE-2026-27988 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Equadio: from n/a through <= 1.1.3.
|
|||||
| CVE-2026-27352 | 2026-03-05 | N/A | N/A | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through <= 2.1.9.
|
|||||
| CVE-2026-23798 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.
|
|||||
| CVE-2026-22471 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1.
|
|||||
| CVE-2026-26002 | 2026-03-05 | N/A | N/A | ||
|
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible.
|
|||||
| CVE-2026-29126 | 2026-03-05 | N/A | N/A | ||
|
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.
|
|||||
| CVE-2026-27439 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5.
|
|||||
| CVE-2026-22424 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Shaha shaha allows PHP Local File Inclusion.This issue affects Shaha: from n/a through <= 1.1.2.
|
|||||
| CVE-2026-22433 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion.This issue affects CloudMe: from n/a through <= 1.2.2.
|
|||||
| CVE-2026-27363 | 2026-03-05 | N/A | N/A | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.
|
|||||
| CVE-2026-24385 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.
|
|||||
| CVE-2026-27353 | 2026-03-05 | N/A | N/A | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.
|
|||||
| CVE-2026-3257 | 2026-03-05 | N/A | 9.8 CRITICAL | ||
|
UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.
UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.
|
|||||
| CVE-2026-27359 | 2026-03-05 | N/A | N/A | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through <= 1.4.4.
|
|||||
| CVE-2026-22425 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through <= 1.2.
|
|||||
| CVE-2026-22473 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.
|
|||||
| CVE-2026-22431 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue affects Wabi-Sabi: from n/a through <= 1.2.
|
|||||
| CVE-2026-26033 | 2026-03-05 | N/A | 6.7 MEDIUM | ||
|
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
|
|||||
| CVE-2026-27342 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9.
|
|||||
| CVE-2026-27417 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1.
|
|||||
| CVE-2026-22432 | 2026-03-05 | N/A | N/A | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2.
|
|||||
| CVE-2026-27438 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.
|
|||||
| CVE-2026-2835 | 2026-03-05 | N/A | N/A | ||
|
An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’.
Impact
This vulnerability primarily affects standalone Pingora deployments in front of certain b ...
Show More |
|||||
| CVE-2026-2297 | 2026-03-05 | N/A | N/A | ||
|
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
|
|||||
| CVE-2026-27376 | 2026-03-05 | N/A | N/A | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.
|
|||||
| CVE-2026-27803 | 2026-03-05 | N/A | 8.3 HIGH | ||
|
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.
|
|||||
| CVE-2026-22475 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
|
|||||
| CVE-2026-27098 | 2026-03-05 | N/A | N/A | ||
|
Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through <= 1.2.2.
|
|||||
| CVE-2025-70222 | 2026-03-05 | N/A | 9.8 CRITICAL | ||
|
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.
|
|||||