Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2025-71327 Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
CVE-2025-71333 Vulnerability in path-traversal (CVE-2025-71333)
vulnerability in path-traversal (CVE-2025-71333). Successful exploitation can lead to full system takeover.
CVE-2025-71324 Vulnerability in path-traversal (CVE-2025-71324)
vulnerability in path-traversal (CVE-2025-71324). Confidential information can be exposed externally.
CVE-2020-37256 Cross-Site Scripting (XSS) in getgrav (CVE-2020-37256)
cross-site scripting in getgrav (CVE-2020-37256). Risk of unauthorized operations or information disclosure.
CVE-2026-43920 Vulnerability in csrf (CVE-2026-43920)
vulnerability in csrf (CVE-2026-43920). Risk of unauthorized operations or information disclosure.
CVE-2026-40084 Path Traversal in path-traversal (CVE-2026-40084)
path traversal in path-traversal (CVE-2026-40084). Confidential information can be exposed externally.
CVE-2026-40083 SQL Injection in sqli (CVE-2026-40083)
SQL injection in sqli (CVE-2026-40083). Successful exploitation can lead to full system takeover.
CVE-2026-38637 Vulnerability in dos (CVE-2026-38637)
vulnerability in dos (CVE-2026-38637). Risk of unauthorized operations or information disclosure.
CVE-2026-38640 Vulnerability in dos (CVE-2026-38640)
vulnerability in dos (CVE-2026-38640). Risk of unauthorized operations or information disclosure.
CVE-2026-12340 Out-of-Bounds Read in dos (CVE-2026-12340)
vulnerability in dos (CVE-2026-12340). Risk of unauthorized operations or information disclosure.
CVE-2026-55958 Vulnerability in dos (CVE-2026-55958)
vulnerability in dos (CVE-2026-55958). Risk of unauthorized operations or information disclosure.
CVE-2026-37149 SQL Injection in sqli (CVE-2026-37149)
SQL injection in sqli (CVE-2026-37149). Confidential information can be exposed externally.
CVE-2026-57520 Vulnerability in privilege-escalation (CVE-2026-57520)
vulnerability in privilege-escalation (CVE-2026-57520). Data can be tampered with by attackers.
CVE-2026-56788 Out-of-Bounds Read in dos (CVE-2026-56788)
vulnerability in dos (CVE-2026-56788). Risk of unauthorized operations or information disclosure.
CVE-2026-56790 Vulnerability in c (CVE-2026-56790)
vulnerability in c (CVE-2026-56790). Data can be tampered with by attackers.
CVE-2026-56787 Vulnerability in c (CVE-2026-56787)
vulnerability in c (CVE-2026-56787). Risk of unauthorized operations or information disclosure.
CVE-2026-56786 Out-of-Bounds Write in dos (CVE-2026-56786)
out-of-bounds write in dos (CVE-2026-56786). Successful exploitation can lead to full system takeover.
CVE-2025-60465 Use-After-Free in c (CVE-2025-60465)
vulnerability in c (CVE-2025-60465). Data can be tampered with by attackers.
CVE-2025-60464 Use-After-Free in c (CVE-2025-60464)
vulnerability in c (CVE-2025-60464). Successful exploitation can lead to full system takeover.
CVE-2026-56774 Vulnerability in dos (CVE-2026-56774)
vulnerability in dos (CVE-2026-56774). Risk of unauthorized operations or information disclosure.
CVE-2026-56766 Vulnerability in CVE-2026-56766 (CVE-2026-56766)
vulnerability in CVE-2026-56766 (CVE-2026-56766). Successful exploitation can lead to full system takeover.
CVE-2026-54250 Path Traversal in path-traversal (CVE-2026-54250)
path traversal in path-traversal (CVE-2026-54250). Data can be tampered with by attackers. Mitigation: upgrade to `1.35.3` or later.
CVE-2026-54088 OS Command Injection in CVE-2026-54088 (CVE-2026-54088)
OS command injection in CVE-2026-54088 (CVE-2026-54088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.63.6` or later.
CVE-2026-50549 Vulnerability in anysphere (CVE-2026-50549)
vulnerability in anysphere (CVE-2026-50549). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
CVE-2026-50548 Path Traversal in anysphere (CVE-2026-50548)
path traversal in anysphere (CVE-2026-50548). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
CVE-2026-9086 Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
CVE-2026-45233 Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
CVE-2026-47770 Vulnerability in c (CVE-2026-47770)
vulnerability in c (CVE-2026-47770). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
CVE-2026-55439 Path Traversal in path-traversal (CVE-2026-55439)
path traversal in path-traversal (CVE-2026-55439). Confidential information can be exposed externally. Exploitable via `GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}`. Mitigation: upgrade to `2.24.3` or later.
CVE-2026-55413 Code Injection in CVE-2026-55413 (CVE-2026-55413)
code injection in CVE-2026-55413 (CVE-2026-55413). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
CVE-2026-55412 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
SSRF in ssrf (CVE-2026-55412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
CVE-2026-54573 Authorization Flaw in privilege-escalation (CVE-2026-54573)
vulnerability in privilege-escalation (CVE-2026-54573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
CVE-2026-54033 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-13351 Vulnerability in dos (CVE-2026-13351)
vulnerability in dos (CVE-2026-13351). Risk of unauthorized operations or information disclosure.
CVE-2026-57535 Vulnerability in ssrf (CVE-2026-57535)
vulnerability in ssrf (CVE-2026-57535). Risk of unauthorized operations or information disclosure.
CVE-2026-57587 SQL Injection in sqli (CVE-2026-57587)
SQL injection in sqli (CVE-2026-57587). Risk of unauthorized operations or information disclosure.
CVE-2026-57588 SQL Injection in sqli (CVE-2026-57588)
SQL injection in sqli (CVE-2026-57588). Risk of unauthorized operations or information disclosure.
CVE-2026-56051 Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
CVE-2026-56122 Path Traversal in path-traversal (CVE-2026-56122)
path traversal in path-traversal (CVE-2026-56122). Confidential information can be exposed externally.
CVE-2026-56071 Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-56049 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-54829 SQL Injection in sqli (CVE-2026-54829)
SQL injection in sqli (CVE-2026-54829). Confidential information can be exposed externally.
CVE-2026-54836 SQL Injection in sqli (CVE-2026-54836)
SQL injection in sqli (CVE-2026-54836). Confidential information can be exposed externally.
CVE-2026-54843 Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
CVE-2026-54838 Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
CVE-2026-54849 Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
CVE-2026-56006 Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
CVE-2026-56014 Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
CVE-2026-56005 Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-56042 Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →