CVE Field Guide

Critical CVEs

CVE	Title	Updated	Score
CVE-2026-30789	RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks	05.03.2026	9.3
CVE-2026-30790	RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force	05.03.2026	9.3
CVE-2026-30797	RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server	05.03.2026	9.3
CVE-2026-30792	RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings	05.03.2026	9.1
CVE-2026-30793	RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation	05.03.2026	9.3
CVE-2026-30794	RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure	05.03.2026	9.1
CVE-2026-2599	Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'	05.03.2026	9.8
CVE-2026-21628	Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla	05.03.2026	10
CVE-2026-28536		05.03.2026	9.6
CVE-2026-2743	SEPPmail User Web Interface Arbitrary File Write to RCE	05.03.2026	10
CVE-2026-1678	dns: memory‑safety issue in the DNS name parser	05.03.2026	9.4
CVE-2026-29127	Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100	05.03.2026	9.2
CVE-2026-2835	HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing	04.03.2026	9.3
CVE-2026-2833	HTTP Request Smuggling via Premature Upgrade	04.03.2026	9.3
CVE-2026-29000	pac4j-jwt JwtAuthenticator Authentication Bypass	04.03.2026	10
CVE-2026-20079		05.03.2026	10
CVE-2026-20131		05.03.2026	10
CVE-2026-28783	Craft has a Twig Function Blocklist Bypass	04.03.2026	9.4
CVE-2026-28697	Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates	04.03.2026	9.4
CVE-2026-27441	PDF Password CMDi	04.03.2026	9.5
CVE-2026-27442	zip_attachments Path Traversal	04.03.2026	9.3
CVE-2026-27446	Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation	05.03.2026	9.3
CVE-2026-29120	Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver	05.03.2026	9.2
CVE-2026-28777	Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX2100 Satellite Receiver	05.03.2026	9.2
CVE-2026-28773	Authenticated OS Command Injection via Ping Utility Leading to RCE as Root	05.03.2026	9.3
CVE-2026-28774	Authenticated OS Command Injection via Traceroute Utility leads to Root RCE	05.03.2026	9.3
CVE-2026-28775	Unauthenticated RCE via SNMP Default Writable Community String	05.03.2026	10
CVE-2026-27971	Qwik affected by unauthenticated RCE via server$ Deserialization	04.03.2026	9.2
CVE-2026-28289	FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution	04.03.2026	10
CVE-2026-26279	Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection	04.03.2026	9.1
CVE-2026-26266	AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering	04.03.2026	9.3
CVE-2026-24898	OpenEMR has an Unauthenticated MedEx Token Disclosure	04.03.2026	10
CVE-2026-25146	OpenEMR's payments gateway_api_key secret rendered into client JS code	04.03.2026	9.6
CVE-2026-27012	Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php	04.03.2026	9.8
CVE-2026-3485	D-Link DIR-868L SSDP Service sub_1BF84 os command injection	03.03.2026	9.3
CVE-2026-3437	Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits	03.03.2026	9.3
CVE-2026-22891		03.03.2026	9.8
CVE-2026-22886		03.03.2026	9.8
CVE-2026-1492	User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration	03.03.2026	9.8
CVE-2026-2628	All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass	03.03.2026	9.8
CVE-2025-50187	Chamilo: Evaluation of untrusted user input leads to Remote Code Execution	02.03.2026	9.8
CVE-2026-23600		03.03.2026	10
CVE-2025-12462	Blind SQL Injection in DobryCMS	02.03.2026	9.3
CVE-2025-14532	Remote Code Execution via Unrestricted File Upload in DobryCMS	02.03.2026	9.3
CVE-2026-3431	Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion	02.03.2026	9.8
CVE-2026-3432	Sim Studio AI - Unauthenticated OAuth Token Theft	02.03.2026	9.3
CVE-2025-30035	Lack of API authentication allowing session generation for any user	02.03.2026	9
CVE-2025-30042	Session generation possible with certificate number only	02.03.2026	9
CVE-2025-30044	RCE on uhcapache user permissions	02.03.2026	9.4
CVE-2026-2584	SQL Injection in Ciser System SL firmware	02.03.2026	9.3
CVE-2026-2999	Changing｜IDExpert Windows Logon Agent - Remote Code Execution	02.03.2026	9.3
CVE-2026-3000	Changing｜IDExpert Windows Logon Agent - Remote Code Execution	02.03.2026	9.3
CVE-2026-3422	e-Excellence｜U-Office Force - Insecure Deserialization	02.03.2026	9.3
CVE-2026-2844	TimePictra Authentication Bypass Vulnerability	02.03.2026	9.3
CVE-2026-3010	TimePictra Stored Cross-Site Scripting	02.03.2026	9.3
CVE-2026-28515	openDCIM <= 23.04 Missing Authorization in install.php	02.03.2026	9.3
CVE-2026-28516	openDCIM <= 23.04 SQL Injection in Config::UpdateParameter	02.03.2026	9.3
CVE-2026-28517	openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter	02.03.2026	9.3
CVE-2026-28408	WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php	02.03.2026	9.8
CVE-2026-28409	WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection	02.03.2026	10
CVE-2026-28411	WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`	02.03.2026	9.8
CVE-2026-28268	Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse	03.03.2026	9.8
CVE-2026-27947	Group-Office Vulnerable to Remote Code Execution (RCE)	03.03.2026	9.4
CVE-2026-27755	SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID	02.03.2026	9.3
CVE-2026-27751	SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials	02.03.2026	9.3
CVE-2026-2749	Path traversal in Centreon Open Tickets	27.02.2026	9.9
CVE-2026-2750	Command Injection via CLAPI generatetraps	27.02.2026	9.1
CVE-2025-15498	SQL Injection in Pro3W CMS	27.02.2026	9.3
CVE-2025-11252	SQLi in Signum Technologies' windesk.fm	27.02.2026	9.8
CVE-2025-11251	SQLi in Dayneks Software's E-Commerce Platform	27.02.2026	9.8
CVE-2026-2251	Path Traversal leading to Remote Code Execution (RCE)	03.03.2026	9.8
CVE-2025-12981	Listee <= 1.1.6 - Unauthenticated Privilege Escalation	27.02.2026	9.8
CVE-2026-3301	Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection	27.02.2026	9.3
CVE-2026-28370		05.03.2026	9.1
CVE-2026-28363		27.02.2026	9.9
CVE-2026-21718	Copeland XWEB and XWEB Pro Use of a Broken or Risky Cryptographic Algorithm	02.03.2026	10
CVE-2026-24663	Copeland XWEB and XWEB Pro OS Command Injection	02.03.2026	9
CVE-2026-27028	Mobility46 mobility46.se Missing Authentication for Critical Function	03.03.2026	9.4
CVE-2026-27767	SWITCH EV swtchenergy.com Missing Authentication for Critical Function	02.03.2026	9.4
CVE-2026-27772	EV Energy ev.energy Missing Authentication for Critical Function	02.03.2026	9.4
CVE-2026-24731	EV2GO ev2go.io Missing Authentication for Critical Function	03.03.2026	9.4
CVE-2026-20781	CloudCharge cloudcharge.se Missing Authentication for Critical Function	02.03.2026	9.4
CVE-2026-25851	Chargemap chargemap.com Missing Authentication for Critical Function	02.03.2026	9.4
CVE-2026-28213	EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response	27.02.2026	9.8
CVE-2026-28215	hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover	02.03.2026	9.1

Latest Updates

CVE	Title	Updated	Score
CVE-2025-64166	Mercurius: Incorrect Content-Type parsing can lead to CSRF attack	05.03.2026	5.4
CVE-2026-25048	xgrammar: Multi-layer nesting causes DoS	05.03.2026
CVE-2026-30789	RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks	05.03.2026
CVE-2026-30790	RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force	05.03.2026
CVE-2026-30796	RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol	05.03.2026
CVE-2026-30797	RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server	05.03.2026
CVE-2026-30798	RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload	05.03.2026
CVE-2026-26377		05.03.2026
CVE-2026-30792	RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings	05.03.2026
CVE-2026-30793	RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation	05.03.2026
CVE-2026-30794	RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure	05.03.2026
CVE-2026-30795	RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure	05.03.2026
CVE-2025-69534		05.03.2026
CVE-2026-30791	RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation	05.03.2026
CVE-2026-27748	Avira Internet Security Arbitrary File Deletion via Improper Link Resolution	05.03.2026
CVE-2026-27749	Avira Internet Security System Speedup Insecure Deserialization	05.03.2026
CVE-2026-27750	Avira Internet Security Optimizer TOCTOU	05.03.2026
CVE-2026-3598	RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption	05.03.2026
CVE-2026-1720	WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation	05.03.2026	8.8
CVE-2026-2599	Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'	05.03.2026	9.8
CVE-2026-3236		05.03.2026
CVE-2026-1605		05.03.2026	7.5
CVE-2025-11143		05.03.2026	3.7
CVE-2026-21628	Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla	05.03.2026
CVE-2026-28542		05.03.2026	7.3
CVE-2026-28548		05.03.2026	7.1
CVE-2026-28551		05.03.2026	4.7
CVE-2026-28546		05.03.2026	5.9
CVE-2026-28547		05.03.2026	6.8
CVE-2026-28549		05.03.2026	6.6
CVE-2026-28538		05.03.2026	5.9
CVE-2026-28539		05.03.2026	6.2
CVE-2026-28540		05.03.2026	4
CVE-2026-28541		05.03.2026	4
CVE-2026-28543		05.03.2026	4.4
CVE-2025-66319		05.03.2026	3.3
CVE-2026-28544		05.03.2026	6.2
CVE-2026-28545		05.03.2026	5.9
CVE-2026-28550		05.03.2026	4
CVE-2026-28552		05.03.2026	6.5
CVE-2026-1321	Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'	05.03.2026	8.1
CVE-2026-21786	HCL Sametime for iOS is affected by sensitive information disclosure	05.03.2026	3.3
CVE-2026-28537		05.03.2026	5.1
CVE-2026-2893	Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter	05.03.2026	6.5
CVE-2026-25702	nftables disabled due to incorrect kernel backport	05.03.2026	7.3
CVE-2026-28536		05.03.2026	9.6
CVE-2026-2743	SEPPmail User Web Interface Arbitrary File Write to RCE	05.03.2026
CVE-2026-1678	dns: memory‑safety issue in the DNS name parser	05.03.2026	9.4
CVE-2025-53335	WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2025-54001	WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability	05.03.2026
CVE-2025-68515	WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability	05.03.2026
CVE-2025-68553	WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2025-68554	WordPress Keenarch theme < 2.0.1 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2025-68555	WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2025-69090	WordPress Remons theme <= 1.3.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2025-69338	WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability	05.03.2026
CVE-2025-69339	WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2025-69340	WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability	05.03.2026
CVE-2025-69343	WordPress Theater for WordPress plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2025-69411	WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability	05.03.2026
CVE-2026-22385	WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22387	WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22389	WordPress Cocco theme <= 1.5.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22390	WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability	05.03.2026
CVE-2026-22392	WordPress Cortex theme <= 1.5 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22394	WordPress Evently theme <= 1.7 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22395	WordPress Fiorello theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22397	WordPress Fleur theme <= 2.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22399	WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22403	WordPress Innovio theme <= 1.7 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22405	WordPress Overton theme <= 1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22408	WordPress Justicia theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22410	WordPress Dolcino theme <= 1.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22412	WordPress Eona theme <= 1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22413	WordPress Malgré theme <= 1.0.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22414	WordPress Marra theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22415	WordPress The Mounty theme <= 1.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22416	WordPress FixTeam theme <= 1.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22417	WordPress Grand Wedding theme <= 3.1.0 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22418	WordPress Great Lotus theme <= 1.3.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22419	WordPress Honor theme <= 2.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22420	WordPress Horizon theme <= 1.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22421	WordPress Quantum theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22423	WordPress SetSail theme <= 1.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22424	WordPress Shaha theme <= 1.1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22425	WordPress Sweet Jane theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22427	WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22428	WordPress Tooth Fairy theme <= 1.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22429	WordPress Verdure theme <= 1.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22431	WordPress Wabi-Sabi theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22432	WordPress Woopy theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22433	WordPress CloudMe theme <= 1.2.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22434	WordPress Crown Art theme <= 1.2.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22435	WordPress ElectroServ theme <= 1.3.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22436	WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22437	WordPress Playa theme <= 1.3.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22438	WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-22439	WordPress Green Planet theme <= 1.1.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22440	WordPress Thecs theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-22441	WordPress Zentrum theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22442	WordPress Tribe theme <= 1.7.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22443	WordPress Alliance theme <= 3.1.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22446	WordPress Prowess theme <= 1.8.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22449	WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22451	WordPress Handyman theme <= 1.4 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22452	WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22453	WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22454	WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22455	WordPress Thebe theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-22456	WordPress Askka theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22457	WordPress Wanderland theme <= 1.5 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22459	WordPress WordPress CTA plugin <= 1.7.4 - Broken Access Control vulnerability	05.03.2026
CVE-2026-22460	WordPress FormGent plugin <= 1.4.2 - Arbitrary File Deletion vulnerability	05.03.2026
CVE-2026-22465	WordPress BuddyApp theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-22467	WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-22471	WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22473	WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22474	WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22475	WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22476	WordPress Etchy theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22477	WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22478	WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-22479	WordPress Easy Post Submission plugin <= 2.2.0 - Broken Access Control vulnerability	05.03.2026
CVE-2026-22497	WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-22501	WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-23546	WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability	05.03.2026
CVE-2026-23798	WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-23799	WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability	05.03.2026
CVE-2026-23801	WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-23802	WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2026-24385	WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-24960	WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2026-24963	WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability	05.03.2026
CVE-2026-27097	WordPress CasaMia \| Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27098	WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability	05.03.2026
CVE-2026-27326	WordPress AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27332	WordPress Agrofood theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27334	WordPress Alchemists theme <= 4.6.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27335	WordPress Ekoterra - NonProfit, Green Energy & Ecology Theme theme <= 1.0.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27336	WordPress Consultor \| Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27337	WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27338	WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability	05.03.2026
CVE-2026-27339	WordPress Buzz Stone \| Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27340	WordPress Apollo \| Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27341	WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27342	WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27344	WordPress inseri core plugin <= 1.0.5 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27348	WordPress Photography theme <= 7.6.1 - Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27352	WordPress Starto theme <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27353	WordPress Grand News \| Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27354	WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27358	WordPress Architecturer theme <= 3.8.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27359	WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27361	WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27362	WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27363	WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27367	WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27369	WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27370	WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability	05.03.2026
CVE-2026-27373	WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability	05.03.2026
CVE-2026-27374	WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27375	WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27376	WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27379	WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27381	WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27382	WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27383	WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27384	WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability	05.03.2026
CVE-2026-27385	WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-27386	WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27388	WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27389	WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability	05.03.2026
CVE-2026-27390	WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability	05.03.2026
CVE-2026-27396	WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability	05.03.2026
CVE-2026-27406	WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability	05.03.2026
CVE-2026-27411	WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability	05.03.2026
CVE-2026-27417	WordPress Sweet Date theme < 4.0.1 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27428	WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability	05.03.2026
CVE-2026-27437	WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27438	WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27439	WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-27541	WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability	05.03.2026
CVE-2026-27983	WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability	05.03.2026
CVE-2026-27984	WordPress Widget Options plugin <= 4.1.3 - Remote Code Execution (RCE) vulnerability	05.03.2026
CVE-2026-27985	WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27986	WordPress OsTende theme <= 1.4.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27987	WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27988	WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27989	WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27990	WordPress ConFix theme <= 1.013 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27991	WordPress Avventure theme <= 1.1.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27992	WordPress Meals & Wheels theme <= 1.1.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27993	WordPress Aldo theme <= 1.0.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27994	WordPress Tediss theme <= 1.2.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27995	WordPress Justitia theme <= 1.1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27996	WordPress Lingvico theme <= 1.0.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27997	WordPress Maxify theme <= 1.0.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-27998	WordPress Vixus theme <= 1.0.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28006	WordPress Yungen theme <= 1.0.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28007	WordPress Coinpress theme <= 1.0.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28009	WordPress DroneX theme <= 1.1.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28010	WordPress Scientia theme <= 1.2.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28011	WordPress Yottis theme <= 1.0.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28012	WordPress Gridiron theme <= 1.0.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28013	WordPress Kratz theme <= 1.0.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28014	WordPress Translogic theme <= 1.2.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28015	WordPress ShiftCV theme <= 3.0.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28016	WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28017	WordPress Green Thumb theme <= 1.1.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28018	WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28019	WordPress Manoir theme <= 1.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28020	WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28021	WordPress Craftis theme <= 1.2.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28022	WordPress Foodie theme <= 1.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28023	WordPress Nuts theme <= 1.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28024	WordPress Helion theme <= 1.1.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28025	WordPress Stargaze theme <= 1.5 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28026	WordPress Motorix theme <= 1.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28027	WordPress Kayon theme <= 1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28028	WordPress MoneyFlow theme <= 1.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28029	WordPress EmojiNation theme <= 1.0.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28030	WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28031	WordPress Invetex theme <= 2.18 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28032	WordPress Tuning theme <= 1.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28033	WordPress Edifice theme <= 1.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28034	WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28035	WordPress Printy theme <= 1.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28036	WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability	05.03.2026
CVE-2026-28037	WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28038	WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability	05.03.2026
CVE-2026-28039	WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28041	WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28042	WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28043	WordPress Healer - Doctor, Clinic & Medical WordPress Theme theme <= 1.0.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28045	WordPress N7 \| Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28046	WordPress Law Office theme <= 3.3.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28047	WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28048	WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28049	WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28050	WordPress Beacon theme <= 2.24 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28051	WordPress Yacht Rental theme <= 2.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28052	WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28053	WordPress Miller theme <= 1.3.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28054	WordPress Legal Stone theme <= 1.2.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28055	WordPress M.Williamson theme <= 1.2.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28056	WordPress MCKinney's Politics theme <= 1.2.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28057	WordPress Mandala theme <= 2.8 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28058	WordPress Dixon theme <= 1.4.2.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28059	WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28060	WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28061	WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28062	WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28063	WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28064	WordPress Edge Decor theme <= 2.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28065	WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28066	WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28067	WordPress Bassein theme <= 1.0.15 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28068	WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28069	WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28071	WordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerability	05.03.2026
CVE-2026-28072	WordPress pixfort Core plugin <= 3.2.22 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28074	WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-28075	WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28076	WordPress Guff theme <= 1.0.1 - Broken Access Control vulnerability	05.03.2026
CVE-2026-28077	WordPress Vapester theme <= 1.1.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28078	WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability	05.03.2026
CVE-2026-28079	WordPress Conquerors theme <= 1.2.13 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28081	WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28084	WordPress Bazinga theme <= 1.1.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28085	WordPress Mahogany theme <= 2.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28086	WordPress Run Gran theme <= 2.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28087	WordPress Filmax theme <= 1.1.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28088	WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28089	WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28090	WordPress Gamezone theme <= 1.1.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28091	WordPress Coleo theme <= 1.1.7 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28092	WordPress Sounder theme <= 1.3.11 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28093	WordPress Ozisti theme <= 1.1.10 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28094	WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28095	WordPress Marcell theme <= 1.2.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28096	WordPress WealthCo theme <= 2.18 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28097	WordPress Artrium theme <= 1.0.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28098	WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28099	WordPress UberSlider Ultra plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28100	WordPress UberSlider PerpetuumMobile plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28101	WordPress UberSlider MouseInteraction plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28102	WordPress UberSlider Classic plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28103	WordPress LBG Zoominoutslider plugin <= 5.4.5 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28104	WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability	05.03.2026
CVE-2026-28105	WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability	05.03.2026
CVE-2026-28107	WordPress Muzicon theme <= 1.9.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28108	WordPress LambertGroup - AllInOne - Banner with Thumbnails plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28109	WordPress LambertGroup - AllInOne - Content Slider plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28110	WordPress LambertGroup - AllInOne - Banner with Playlist plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28112	WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28113	WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28114	WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2026-28115	WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability	05.03.2026
CVE-2026-28117	WordPress smart SEO theme <= 2.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28118	WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28119	WordPress Nirvana theme <= 2.6 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28120	WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28121	WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28122	WordPress ListingPro plugin <= 2.9.8 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28123	WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28124	WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28125	WordPress Midi theme <= 1.14 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28126	WordPress RH Frontend Publishing Pro plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28127	WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28128	WordPress Verse theme <= 1.7.0 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28129	WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability	05.03.2026
CVE-2026-28130	WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-28133	WordPress Filr plugin <= 1.2.12 - Arbitrary File Upload vulnerability	05.03.2026
CVE-2026-28134	WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability	05.03.2026
CVE-2026-28135	WordPress Royal Elementor Addons plugin <= 1.7.1049 - Other Vulnerability Type vulnerability	05.03.2026
CVE-2026-28137	WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Scripting (XSS) vulnerability	05.03.2026
CVE-2026-2418	Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass	05.03.2026
CVE-2026-23767		05.03.2026
CVE-2026-29052	HumHub Calendar Module: Stored XSS in Event Types	05.03.2026
CVE-2026-29053	Ghost Vulnerable to Remote Code Execution via Malicious Themes	05.03.2026	7.7
CVE-2026-27982		05.03.2026
CVE-2026-29128	IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files	05.03.2026
CVE-2026-30777		05.03.2026
CVE-2026-3072	Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification	05.03.2026	4.3
CVE-2026-3523	Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter	05.03.2026	4.9
CVE-2026-2365	Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission	05.03.2026	7.2
CVE-2026-2899	Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion	05.03.2026	6.5
CVE-2026-3034	OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls	05.03.2026	6.4
CVE-2024-57854	Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator	05.03.2026
CVE-2026-26033		05.03.2026
CVE-2026-26034		05.03.2026
CVE-2026-29127	Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100	05.03.2026
CVE-2025-40926	Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely	05.03.2026
CVE-2025-40931	Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id	05.03.2026
CVE-2026-29124	Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation	05.03.2026
CVE-2026-29125	IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due to world-writable `/etc/resolv.conf`	05.03.2026
CVE-2026-29126	World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE	05.03.2026
CVE-2026-3257	UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library	05.03.2026
CVE-2026-3381	Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib	05.03.2026
CVE-2026-29122	`/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE	05.03.2026
CVE-2026-29123	Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation	05.03.2026
CVE-2026-29121	`/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE	05.03.2026
CVE-2026-2836	Cache poisoning via insecure-by-default cache key	04.03.2026
CVE-2026-2835	HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing	04.03.2026
CVE-2026-22052		04.03.2026
CVE-2026-2833	HTTP Request Smuggling via Premature Upgrade	04.03.2026
CVE-2025-41257	Suprema BioStar 2 Insecure Password Change	04.03.2026	4.8
CVE-2026-26002	OnDemand susceptible to malicious input when navigating to a directory.	05.03.2026
CVE-2026-29045	Hono: Arbitrary file access via serveStatic vulnerability	05.03.2026	7.5
CVE-2026-29085	Hono: SSE Control Field Injection via CR/LF in writeSSE()	05.03.2026	6.5
CVE-2026-29086	Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()	05.03.2026	5.4
CVE-2026-2297	SourcelessFileLoader does not use io.open_code()	04.03.2026
CVE-2025-68467	Dark Reader gives users the ability to request style sheets from local web servers	04.03.2026	3.4
CVE-2026-22040	NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash	05.03.2026	5.3
CVE-2026-25750	LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl	05.03.2026
CVE-2025-66024	XWiki Blog Application home page vulnerable to Stored XSS via Post Title	04.03.2026
CVE-2026-27802	Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager	05.03.2026	8.3
CVE-2026-27803	Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role	05.03.2026	8.3
CVE-2026-27898	Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher	05.03.2026	5.4
CVE-2026-29000	pac4j-jwt JwtAuthenticator Authentication Bypass	04.03.2026
CVE-2026-27801	Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement	05.03.2026
CVE-2025-70222		05.03.2026