anonhaven
Ad

CVE Vulnerability Database

Complete database of CVE vulnerabilities. Track critical security threats, exploits and patches. Updated daily from NVD NIST.

CVE-2026-28123

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through …

PHP
Details

CVE-2026-28122

7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.

Details

CVE-2026-28121

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through …

PHP
Details

CVE-2026-28120

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through …

PHP
Details

CVE-2026-28119

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through 2.6.

PHP
Details

CVE-2026-28118

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affects Welldone: from n/a through …

PHP
Details

CVE-2026-28117

8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from …

PHP
Details

CVE-2026-28115

9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This …

Details

CVE-2026-28114

9.1

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a …

Unrestricted
Details

CVE-2026-28113

7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.1.

Details
832/3864