CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2100 matches found

CVE•added 2026/03/05 5:54 a.m.•5 views

CVE-2026-27987

CVE-2026-27987 concerns WordPress ThemeREX The Qlean (the-qlean)

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:54 a.m.•5 views

CVE-2026-27986

CVE-2026-27986 is a Local File Inclusion (LFI) vulnerability in the WordPress ThemeOsTende OSTende by ThemeREX. Affected: OsTende versions up to and including 1.4.3. Root cause: improper filename handling for PHP include/require statements (PHP Remote File Inclusion risk turned into Local File In...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:54 a.m.•4 views

CVE-2026-27437

CVE-2026-27437 is a PHP Object Injection vulnerability in the ThemeREX Tennis Club WordPress theme (tennis-sportclub), arising from deserialization of untrusted data that enables object injection. Public records in NVD, Red Hat, CVE listings, and PatchStack describe it as deserialization-based, a...

9.8CVSS5.9AI score0.00061EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27383 WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through = 2.13...

8.1CVSS5.8AI score0.00056EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•3 views

CVE-2026-27383

CVE-2026-27383 affects RadiusTheme Metro WordPress theme (

8.1CVSS5.9AI score0.00056EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27381 WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through = 1.3.15...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•5 views

CVE-2026-27376

CVE-2026-27376 is a Reflected Cross‑Site Scripting vulnerability in the Claue theme (JanStudio Claue) for WordPress. It affects Claue – Clean, Minimal Elementor WooCommerce Theme versions from n/a through ≤ 2.2.7. The issue arises from improper neutralization of input during web page generation. ...

7.1CVSS5.9AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•25 views

CVE-2026-27353 WordPress Grand News | Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through = 3.4.3...

7.1CVSS0.00045EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•7 views

CVE-2026-27352

CVE-2026-27352 affects ThemeGoods Starto (WordPress Starto theme). The vulnerability is a Reflected XSS due to improper input neutralization during web page generation. Affected versions are Starto from before 2.2.5 (i.e., impacted until 2.2.4). The CVSS 3.1 vector indicates Network attack, no pr...

7.1CVSS5.2AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27353 WordPress Grand News | Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

5.8AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•5 views

CVE-2026-27341

CVE-2026-27341 is a Local File Inclusion vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme, arising from improper control of filenames in include/require statements. Connected sources confirm exploitation potential for TopScorer themes affected up to version 1.2 (n/a through

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27339 WordPress Buzz Stone | Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone | Magazine & Viral Blog WordPress Theme:...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•3 views

CVE-2026-27339

CVE-2026-27339 describes an Unauthenticated Local File Inclusion in the Buzz Stone WordPress Theme (AncoraThemes Buzz Stone) up to version 1.0.2, caused by improper control of filenames in include/require statements. Public sources (NVD/Red Hat/PatchStack/Wordfence) confirm the issue and classify...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27342

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through = 1.9...

5.9AI score0.00172EPSS

Exploits0References2

Cvelist•added 2026/03/05 5:53 a.m.•27 views

CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•23 views

CVE-2026-27342 WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability

8.1CVSS0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•1 views

CVE-2026-27342 WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•25 views

CVE-2026-27339 WordPress Buzz Stone | Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•26 views

CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...

8.1CVSS0.00172EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by