Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 5 March 2026
RSS523 vulnerabilities published on 5 March 2026
Severity:
QuanticaLabs MediCenter: Malicious Code Can Be Injected via Reflected Attack
CVE-2026-28137
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic ...
7.1
UDesign: Malicious Code Can Run in Your Browser
CVE-2026-28130
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XS...
7.1
Lawyer Directory Input Not Sanitized, Allows Malicious Code Injection
CVE-2026-28127
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allo...
7.1
RH Frontend Publishing Pro: Cross-site Scripting in Web Page Generation
CVE-2026-28126
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend all...
7.1
CridioStudio ListingPro Plugin Allows Malicious Scripts in Web Pages
CVE-2026-28122
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows...
7.1
Ultimate Learning Pro: Malicious Code Can Be Injected into Pages
CVE-2026-28113
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-p...
7.1
LambertGroup AllInOne Banner Rotator allows Malicious Scripts in Banners
CVE-2026-28112
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-on...
7.1
LambertGroup AllInOne Banner with Playlist Can Inject Malicious Code
CVE-2026-28110
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner wi...
7.1
LambertGroup Content Slider: Reflected Attack Risk
CVE-2026-28109
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content S...
7.1
LambertGroup AllInOne Banner with Thumbnails allows Malicious Code to Run
CVE-2026-28108
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner wi...
7.1
LambertGroup LBG Zoominoutslider: Malicious Scripts Can Be Injected into Website
CVE-2026-28103
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutsl...
7.1
UberSlider Classic: Malicious Code Injection
CVE-2026-28102
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Classic uberSlider_class...
7.1
LambertGroup UberSlider MouseInteraction accepts malicious web code
CVE-2026-28101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider MouseInteraction uberSli...
7.1
UberSlider PerpetuumMobile Can Inject Malware in Web Pages
CVE-2026-28100
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlid...
7.1
UberSlider Ultra allows hackers to inject malicious code on your website
CVE-2026-28099
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra a...
7.1
Porto Theme: Reflected XSS in Web Pages
CVE-2026-28075
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto porto allows Reflected XSS.This i...
7.1
Pixfort Core allows malicious code to run on user's browser
CVE-2026-28072
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Core pixfort-core allows Reflect...
7.1
Listify Allows Hackers to Inject Malicious Code on Websites
CVE-2026-28042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify listify allows Reflected XSS....
7.1
EventON: Malicious Code Can Be Injected into Web Pages
CVE-2026-28037
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Reflected XSS.Th...
7.1
Wholesale Suite Privilege Escalation Risk from Unauthorized Access
CVE-2026-27541
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affe...
7.1
DesignThemes Portfolio: User Data Can Be Hijacked
CVE-2026-27385
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes...
7.1
RadiusTheme Metro: Attackers can inject malicious code into your website
CVE-2026-27382
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.Thi...
7.1
Claue Theme Allows Hackers to Run Malicious Scripts on Your Site
CVE-2026-27376
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCo...
7.1
JanStudio Gecko Cross-Site Scripting: Malicious Code Injection
CVE-2026-27375
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This ...
7.1
Musico Software Allows Hackers to Inject Malicious Code via Reflected XSS
CVE-2026-27367
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.Th...
7.1