Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13521 |
|
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
|
| CVE-2026-13498 |
|
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
|
| CVE-2026-58054 |
|
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-9029 |
|
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
|
| CVE-2026-42129 |
|
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
|
| CVE-2026-47906 |
|
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
|
| CVE-2026-11501 |
|
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
|
| CVE-2026-11489 |
|
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
|
| CVE-2026-11488 |
|
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
|
| CVE-2026-11486 |
|
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
|
| CVE-2026-11485 |
|
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
|
| CVE-2026-11484 |
|
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
|
| CVE-2026-11483 |
|
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
|
| CVE-2026-11462 |
|
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-10777 |
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
| CVE-2026-28299 |
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-7313 |
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
| CVE-2026-7195 |
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
| CVE-2026-39555 |
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
| CVE-2026-39552 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-69369 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-68886 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2024-21182 KEV |
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-44698 |
|
Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2026-42762 |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
| CVE-2026-42746 |
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
| CVE-2026-42735 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
| CVE-2026-42737 |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
| CVE-2026-42745 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
| CVE-2026-42730 |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
| CVE-2026-9584 |
|
A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-46367 |
|
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
|
| CVE-2026-46366 |
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
| CVE-2026-46359 |
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
| CVE-2021-47966 |
|
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2026-4094 |
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
| CVE-2026-37431 |
|
SQL Injection in sqli (CVE-2026-37431)
SQL injection in sqli (CVE-2026-37431). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44336 |
|
Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
|
| CVE-2013-10075 |
|
Vulnerability in apache (CVE-2013-10075)
vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.
|
| CVE-2026-43944 |
|
Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
|
| CVE-2026-43941 |
|
Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
|