Export limit exceeded: 340783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28503 | 2026-03-26 | N/A | ||
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_folder()` action in `cookbook/views/api.py` (line 903) fetches a Sync object using `get_object_or_404(Sync, pk=pk)` without including `space=request.space` in the filter. This allows an admin user in Space A to trigger sync operations (Dropbox/Nextcloud/Local import) on Sync configurations belonging to Space B, and view the resulting sync logs. Version 2.6.0 patches the issue. | ||||
| CVE-2026-27081 | 2 Mikado-themes, Wordpress | 2 Rosebud, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4. | ||||
| CVE-2026-27079 | 2 Mikado-themes, Wordpress | 2 Amfissa, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1. | ||||
| CVE-2026-27077 | 2 Mikado-themes, Wordpress | 2 Multioffice, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2. | ||||
| CVE-2026-27075 | 2 Mikado-themes, Wordpress | 2 Belfort, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. | ||||
| CVE-2026-27073 | 2 Addi, Wordpress | 2 Addi – Cuotas Que Se Adaptan A Ti, Wordpress | 2026-03-26 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4. | ||||
| CVE-2026-27048 | 2 Elated-themes, Wordpress | 2 The Aisle Core, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5. | ||||
| CVE-2026-27039 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-03-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-25457 | 2 Select-themes, Wordpress | 2 Mixtape, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1. | ||||
| CVE-2026-25381 | 2 Jwsthemes, Wordpress | 2 Lovedate, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes LoveDate lovedate allows PHP Local File Inclusion.This issue affects LoveDate: from n/a through < 3.8.6. | ||||
| CVE-2026-25379 | 2 Jwsthemes, Wordpress | 2 Streamvid, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through < 6.8.6. | ||||
| CVE-2026-25377 | 2 Eyecix, Wordpress | 2 Addon Jobsearch Chat, Wordpress | 2026-03-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. | ||||
| CVE-2026-25340 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-03-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4. | ||||
| CVE-2026-25007 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2026-03-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2. | ||||
| CVE-2026-25002 | 2 Thimpress, Wordpress | 2 Learnpress – Sepay Payment, Wordpress | 2026-03-26 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. | ||||
| CVE-2026-24993 | 2 Wordpress, Wpfactory | 2 Wordpress, Advanced Woocommerce Product Sales Reporting | 2026-03-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3. | ||||
| CVE-2026-24977 | 2 Nootheme, Wordpress | 2 Organici Library, Wordpress | 2026-03-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2. | ||||
| CVE-2026-24969 | 2 Designingmedia, Wordpress | 2 Instant Va, Wordpress | 2026-03-26 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through <= 1.0.1. | ||||
| CVE-2026-33855 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-26 | 5.5 Medium |
| Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | ||||
| CVE-2026-22516 | 2 Ancorathemes, Wordpress | 2 Wizor's, Wordpress | 2026-03-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12. | ||||