CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

92995 matches found

ATTACKERKB•added 2026/03/05 5:54 a.m.•3 views

CVE-2026-28009

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through = 1.1.12...

5.9AI score0.00172EPSS

Exploits0References2

CVE•added 2026/03/05 5:54 a.m.•4 views

CVE-2026-27997

CVE-2026-27997 refers to a Local File Inclusion vulnerability in the WordPress ThemeREX Maxify theme (Maxify) for WordPress. The issue is caused by improper control of filenames in PHP include/require statements, enabling a local file inclusion (LFI) condition. Affected software: ThemeREX Maxify,...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:54 a.m.•28 views

CVE-2026-27997 WordPress Maxify theme <= 1.0.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Maxify maxify allows PHP Local File Inclusion.This issue affects Maxify: from n/a through = 1.0.16...

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:54 a.m.•27 views

CVE-2026-27995 WordPress Justitia theme <= 1.1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects Justitia: from n/a through = 1.1.0...

8.1CVSS0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:54 a.m.•3 views

CVE-2026-27989 WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanzo: from n/a through = 1.0.10...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:54 a.m.•30 views

CVE-2026-27991 WordPress Avventure theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion.This issue affects Avventure: from n/a through = 1.1.12...

8.1CVSS0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:54 a.m.•10 views

CVE-2026-27991

CVE-2026-27991 refers to a Local File Inclusion in the WordPress theme Avventure (ThemeREX) up to version 1.1.12. The vulnerability arises from improper control of include/require filename in a PHP program, enabling unauthenticated LFI. Public sources (Wordfence, PatchStack, CVE records) indicate...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:54 a.m.•2 views

CVE-2026-27987 WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through = 2.12...

5.8AI score0.00172EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:54 a.m.•4 views

CVE-2026-27988

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Equadio: from n/a through = 1.1.3...

5.9AI score0.00172EPSS

Exploits0References2

ATTACKERKB•added 2026/03/05 5:54 a.m.•2 views

CVE-2026-27986

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through = 1.4.3...

5.9AI score0.00172EPSS

Exploits0References2

CVE•added 2026/03/05 5:54 a.m.•6 views

CVE-2026-27437

CVE-2026-27437 is a PHP Object Injection vulnerability in the ThemeREX Tennis Club WordPress theme (tennis-sportclub), arising from deserialization of untrusted data that enables object injection. Public records in NVD, Red Hat, CVE listings, and PatchStack describe it as deserialization-based, a...

9.8CVSS5.9AI score0.00061EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:54 a.m.•2 views

CVE-2026-27437 WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through = 1.2.3...

5.8AI score0.00061EPSS

Exploits0References1

CVE•added 2026/03/05 5:54 a.m.•6 views

CVE-2026-27417

CVE-2026-27417 describes a Deserialization of Untrusted Data vulnerability in the SeventhQueen Sweet Date (sweetdate) WordPress theme, enabling PHP Object Injection prior to version 4.0.1. Connected sources (Red Hat and CVE records) confirm the issue affects Sweet Date

9.8CVSS5.9AI score0.00061EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•11 views

CVE-2026-27379

CVE-2026-27379 concerns the WordPress plugin NextScripts: Social Networks Auto-Poster (v

8.8CVSS5.9AI score0.00071EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27342

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through = 1.9...

5.9AI score0.00172EPSS

Exploits0References2

Vulnrichment•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27341

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...

5.9AI score0.00172EPSS

Exploits0References2

Cvelist•added 2026/03/05 5:53 a.m.•27 views

CVE-2026-27336 WordPress Consultor | Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting &...

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•26 views

CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...

8.1CVSS0.00056EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•26 views

CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...

9.8CVSS0.00061EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by