Export limit exceeded: 334651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25543 | 2 Htmlsanitizer Project, Mganss | 2 Htmlsanitizer, Htmlsanitizer | 2026-02-24 | 6.1 Medium |
| HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta. | ||||
| CVE-2020-37117 | 1 Jizhicms | 1 Jizhicms | 2026-02-24 | 8.8 High |
| jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads. | ||||
| CVE-2026-1337 | 1 Neo4j | 3 Community Edition, Enterprise Edition, Neo4j | 2026-02-24 | 5.4 Medium |
| Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337 | ||||
| CVE-2025-13523 | 1 Mattermost | 1 Confluence | 2026-02-24 | 7.7 High |
| Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557 | ||||
| CVE-2026-25316 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-02-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||||
| CVE-2026-23803 | 2 Burhan Nasir, Wordpress | 2 Smart Auto Upload Images, Wordpress | 2026-02-24 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2. | ||||
| CVE-2026-22379 | 2 Ancorathemes, Wordpress | 2 Netmix, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10. | ||||
| CVE-2026-22377 | 2 Ancorathemes, Wordpress | 2 Saveo, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2. | ||||
| CVE-2026-22375 | 2 Ancorathemes, Wordpress | 2 Impacto Patronus, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3. | ||||
| CVE-2026-22373 | 2 Ancorathemes, Wordpress | 2 Fooddy, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10. | ||||
| CVE-2026-22371 | 2 Ancorathemes, Wordpress | 2 Gustavo, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through <= 1.2.2. | ||||
| CVE-2026-22369 | 2 Ancorathemes, Wordpress | 2 Ironfit, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through <= 1.5. | ||||
| CVE-2026-22367 | 2 Ancorathemes, Wordpress | 2 Coworking, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through <= 1.6.1. | ||||
| CVE-2026-22363 | 2 Axiomthemes, Wordpress | 2 Rhodos, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through <= 1.3.3. | ||||
| CVE-2026-22361 | 2 Axiomthemes, Wordpress | 2 A-mart, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through <= 1.0.2. | ||||
| CVE-2026-22356 | 2 Automattic, Wordpress | 2 Jetpack Crm, Wordpress | 2026-02-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0. | ||||
| CVE-2026-22344 | 2 Mikado-themes, Wordpress | 2 Fivestar, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7. | ||||
| CVE-2026-22341 | 2 Case-themes, Wordpress | 2 Booked, Wordpress | 2026-02-24 | 5.4 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0. | ||||
| CVE-2026-22333 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Compare | 2026-02-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0. | ||||
| CVE-2025-69410 | 2 Edge-themes, Wordpress | 2 Belletrist, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue affects Belletrist: from n/a through <= 1.2. | ||||