17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 6651-6700 of 17426 CVEs Page 134 of 349
CVE-2026-22521
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework al...

2026-01-09
CVE-2026-2252
7.5
Unknown FreeFlow Core

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malici...

2026-02-27
CVE-2026-22511
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat...

2026-03-27
CVE-2026-22510
8.1
AncoraThemes Melody Multiple Products

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection

2026-03-27
CVE-2026-2251
Analyzed
9.8
Xerox FreeFlow Core

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal l...

2026-02-27
CVE-2026-22509
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia all...

2026-03-27
CVE-2026-22508
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalu...

2026-03-27
CVE-2026-22506
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli all...

2026-03-27
CVE-2026-22505
8.1
AncoraThemes Morning Multiple Products

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection

2026-03-27
CVE-2026-22504
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua...

2026-03-27
CVE-2026-22503
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows...

2026-03-27
CVE-2026-22502
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr

2026-03-27
CVE-2026-2250
7.5
Unknown Multiple Products

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication

2026-02-13
CVE-2026-22499
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella all...

2026-03-27
CVE-2026-22498
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent...

2026-03-27
CVE-2026-22496
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hyp...

2026-03-27
CVE-2026-22495
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville green...

2026-03-27
CVE-2026-22494
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-home...

2026-03-27
CVE-2026-22493
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard...

2026-03-27
CVE-2026-2249
Analyzed
9.8
METIS DFS devices

METIS DFS devices (<= oscore 2.1.234-r18) expose an unauthenticated /console endpoint, allowing remote attackers to execute arbitrary commands with 'd...

2026-02-12
CVE-2026-2248
Analyzed
9.8
METIS WIC devices

METIS WIC devices (<= oscore 2.1.234-r18) allow unauthenticated remote attackers to execute arbitrary commands with root privileges via the /console e...

2026-02-12
CVE-2026-22383
Analyzed
7.5
WordPress Theme pawfriends

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows...

2026-02-21
CVE-2026-22380
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimh...

2026-02-21
CVE-2026-22378
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber...

2026-02-21
CVE-2026-22376
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivi...

2026-02-21
CVE-2026-22374
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioa...

2026-02-21
CVE-2026-22372
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allo...

2026-02-21
CVE-2026-22370
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marvela...

2026-02-21
CVE-2026-22368
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows...

2026-02-21
CVE-2026-22366
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows...

2026-02-21
CVE-2026-22364
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees sevent...

2026-02-21
CVE-2026-22362
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia...

2026-02-21
CVE-2026-2236
Analyzed
7.5
HGiga C&Cm@il

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read data...

2026-02-09
CVE-2026-22343
Analyzed
8.6
WordPress Dating Theme

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11

2026-06-18
CVE-2026-22342
Analyzed
8.8
WordPress Dating Theme

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11

2026-06-18
CVE-2026-2234
Analyzed
9.1
HGiga C&Cm@il

A missing authentication vulnerability in HGiga C&Cm@il allows unauthenticated attackers to read and modify any user's email content.

2026-02-09
CVE-2026-22337
Analyzed
9.8
Directorist Directorist Multiple Products

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social...

2026-04-28
CVE-2026-22336
Analyzed
9.3
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This is...

2026-04-28
CVE-2026-22335
Analyzed
8.5
WooCommerce Frontend Manager – Ultimate

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6

2026-06-18
CVE-2026-22324
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP L...

2026-03-21
CVE-2026-22323
7.1
Link Aggregation Multiple Products

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sendi...

2026-03-19
CVE-2026-22322
7.1
Link Aggregation Multiple Products

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create...

2026-03-19
CVE-2026-2232
7.5
WordPress is vulnerable

The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in a...

2026-02-20
CVE-2026-22317
7.2
Linux OS with

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST re...

2026-03-19
CVE-2026-22315
Analyzed
7.2
Meona Multiple Products

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user da...

2026-05-22
CVE-2026-22314
Analyzed
9
Mesalvo Meona Meona

The Mesalvo Meona Client and Server components are vulnerable to code injection, allowing an attacker to execute code on other users' systems.

2026-05-21
CVE-2026-22312
Analyzed
8.6
Unknown Webserver/REST API

The device has a webserver that exposes a REST API authenticated with a constant token

2026-06-17
CVE-2026-2229
7.5
WebSocket Multiple Products

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in th...

2026-03-14
CVE-2026-22278
Analyzed
8.1
Dell Multiple Products

Dell PowerScale OneFS versions prior to 9

2026-01-23
CVE-2026-22277
Analyzed
7.8
Dell Multiple Products

Dell UnityVSA, version(s) 5

2026-01-30