Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-71327 |
|
Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
|
| CVE-2025-71333 |
|
Vulnerability in path-traversal (CVE-2025-71333)
vulnerability in path-traversal (CVE-2025-71333). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71324 |
|
Vulnerability in path-traversal (CVE-2025-71324)
vulnerability in path-traversal (CVE-2025-71324). Confidential information can be exposed externally.
|
| CVE-2020-37256 |
|
Cross-Site Scripting (XSS) in getgrav (CVE-2020-37256)
cross-site scripting in getgrav (CVE-2020-37256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43920 |
|
Vulnerability in csrf (CVE-2026-43920)
vulnerability in csrf (CVE-2026-43920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40084 |
|
Path Traversal in path-traversal (CVE-2026-40084)
path traversal in path-traversal (CVE-2026-40084). Confidential information can be exposed externally.
|
| CVE-2026-40083 |
|
SQL Injection in sqli (CVE-2026-40083)
SQL injection in sqli (CVE-2026-40083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38637 |
|
Vulnerability in dos (CVE-2026-38637)
vulnerability in dos (CVE-2026-38637). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38640 |
|
Vulnerability in dos (CVE-2026-38640)
vulnerability in dos (CVE-2026-38640). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12340 |
|
Out-of-Bounds Read in dos (CVE-2026-12340)
vulnerability in dos (CVE-2026-12340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55958 |
|
Vulnerability in dos (CVE-2026-55958)
vulnerability in dos (CVE-2026-55958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37149 |
|
SQL Injection in sqli (CVE-2026-37149)
SQL injection in sqli (CVE-2026-37149). Confidential information can be exposed externally.
|
| CVE-2026-57520 |
|
Vulnerability in privilege-escalation (CVE-2026-57520)
vulnerability in privilege-escalation (CVE-2026-57520). Data can be tampered with by attackers.
|
| CVE-2026-56788 |
|
Out-of-Bounds Read in dos (CVE-2026-56788)
vulnerability in dos (CVE-2026-56788). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56790 |
|
Vulnerability in c (CVE-2026-56790)
vulnerability in c (CVE-2026-56790). Data can be tampered with by attackers.
|
| CVE-2026-56787 |
|
Vulnerability in c (CVE-2026-56787)
vulnerability in c (CVE-2026-56787). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56786 |
|
Out-of-Bounds Write in dos (CVE-2026-56786)
out-of-bounds write in dos (CVE-2026-56786). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60465 |
|
Use-After-Free in c (CVE-2025-60465)
vulnerability in c (CVE-2025-60465). Data can be tampered with by attackers.
|
| CVE-2025-60464 |
|
Use-After-Free in c (CVE-2025-60464)
vulnerability in c (CVE-2025-60464). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56774 |
|
Vulnerability in dos (CVE-2026-56774)
vulnerability in dos (CVE-2026-56774). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56766 |
|
Vulnerability in CVE-2026-56766 (CVE-2026-56766)
vulnerability in CVE-2026-56766 (CVE-2026-56766). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54250 |
|
Path Traversal in path-traversal (CVE-2026-54250)
path traversal in path-traversal (CVE-2026-54250). Data can be tampered with by attackers. Mitigation: upgrade to `1.35.3` or later.
|
| CVE-2026-54088 |
|
OS Command Injection in CVE-2026-54088 (CVE-2026-54088)
OS command injection in CVE-2026-54088 (CVE-2026-54088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-50549 |
|
Vulnerability in anysphere (CVE-2026-50549)
vulnerability in anysphere (CVE-2026-50549). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-50548 |
|
Path Traversal in anysphere (CVE-2026-50548)
path traversal in anysphere (CVE-2026-50548). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-9086 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
|
| CVE-2026-45233 |
|
Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
|
| CVE-2026-47770 |
|
Vulnerability in c (CVE-2026-47770)
vulnerability in c (CVE-2026-47770). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
|
| CVE-2026-55439 |
|
Path Traversal in path-traversal (CVE-2026-55439)
path traversal in path-traversal (CVE-2026-55439). Confidential information can be exposed externally. Exploitable via `GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}`. Mitigation: upgrade to `2.24.3` or later.
|
| CVE-2026-55413 |
|
Code Injection in CVE-2026-55413 (CVE-2026-55413)
code injection in CVE-2026-55413 (CVE-2026-55413). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-55412 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
SSRF in ssrf (CVE-2026-55412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-54573 |
|
Authorization Flaw in privilege-escalation (CVE-2026-54573)
vulnerability in privilege-escalation (CVE-2026-54573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
|
| CVE-2026-54033 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-13351 |
|
Vulnerability in dos (CVE-2026-13351)
vulnerability in dos (CVE-2026-13351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57535 |
|
Vulnerability in ssrf (CVE-2026-57535)
vulnerability in ssrf (CVE-2026-57535). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57587 |
|
SQL Injection in sqli (CVE-2026-57587)
SQL injection in sqli (CVE-2026-57587). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57588 |
|
SQL Injection in sqli (CVE-2026-57588)
SQL injection in sqli (CVE-2026-57588). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56051 |
|
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
|
| CVE-2026-56122 |
|
Path Traversal in path-traversal (CVE-2026-56122)
path traversal in path-traversal (CVE-2026-56122). Confidential information can be exposed externally.
|
| CVE-2026-56071 |
|
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
|
| CVE-2026-56049 |
|
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
|
| CVE-2026-54829 |
|
SQL Injection in sqli (CVE-2026-54829)
SQL injection in sqli (CVE-2026-54829). Confidential information can be exposed externally.
|
| CVE-2026-54836 |
|
SQL Injection in sqli (CVE-2026-54836)
SQL injection in sqli (CVE-2026-54836). Confidential information can be exposed externally.
|
| CVE-2026-54843 |
|
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
|
| CVE-2026-54838 |
|
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
|
| CVE-2026-54849 |
|
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
|
| CVE-2026-56006 |
|
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
|
| CVE-2026-56014 |
|
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
|
| CVE-2026-56005 |
|
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
|
| CVE-2026-56042 |
|
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
|