Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54815 |
|
SQL Injection in c (CVE-2026-54815)
SQL injection in c (CVE-2026-54815). Confidential information can be exposed externally.
|
| CVE-2026-54817 |
|
Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69140 |
|
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
|
| CVE-2025-68524 |
|
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
|
| CVE-2026-40720 |
|
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
|
| CVE-2025-69128 |
|
Path Traversal in path-traversal (CVE-2025-69128)
path traversal in path-traversal (CVE-2025-69128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8494 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8607 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-59554 |
|
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
|
| CVE-2025-60230 |
|
Unsafe Deserialization in deserialization (CVE-2025-60230)
vulnerability in deserialization (CVE-2025-60230). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60236 |
|
Unsafe Deserialization in deserialization (CVE-2025-60236)
vulnerability in deserialization (CVE-2025-60236). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60229 |
|
Unsafe Deserialization in deserialization (CVE-2025-60229)
vulnerability in deserialization (CVE-2025-60229). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60231 |
|
Unsafe Deserialization in deserialization (CVE-2025-60231)
vulnerability in deserialization (CVE-2025-60231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54189 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54192 |
|
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
|
| CVE-2026-54195 |
|
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
|
| CVE-2026-54188 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-7850 |
|
Vulnerability in wordpress (CVE-2026-7850)
vulnerability in wordpress (CVE-2026-7850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54807 |
|
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
|
| CVE-2026-54196 |
|
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
|
| CVE-2026-54803 |
|
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
|
| CVE-2026-54805 |
|
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
|
| CVE-2026-54187 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
|
| CVE-2026-54186 |
|
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
|
| CVE-2026-54185 |
|
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
|
| CVE-2026-54811 |
|
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
|
| CVE-2026-55706 |
|
Vulnerability in c (CVE-2026-55706)
vulnerability in c (CVE-2026-55706). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49074 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-48869 |
|
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
|
| CVE-2026-49778 |
|
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
|
| CVE-2026-49058 |
|
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
|
| CVE-2026-48875 |
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
|
| CVE-2026-49076 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-49073 |
|
SQL Injection in sqli (CVE-2026-49073)
SQL injection in sqli (CVE-2026-49073). Confidential information can be exposed externally.
|
| CVE-2026-49079 |
|
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
|
| CVE-2026-48967 |
|
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
|
| CVE-2026-49080 |
|
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
|
| CVE-2026-49084 |
|
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
|
| CVE-2026-50203 |
|
Path Traversal in apache-airflow-providers-sftp (CVE-2026-50203)
path traversal in apache-airflow-providers-sftp (CVE-2026-50203). Confidential information can be exposed externally. Exploitable via ``SFTPHook.retrieve_directory``. Mitigation: upgrade to `5.8.1` or later.
|
| CVE-2026-41557 |
|
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
|
| CVE-2026-40765 |
|
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
|
| CVE-2026-42385 |
|
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
|
| CVE-2026-40783 |
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
|
| CVE-2026-39548 |
|
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
|
| CVE-2026-39597 |
|
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
|
| CVE-2026-39546 |
|
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
|
| CVE-2026-39596 |
|
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
|
| CVE-2026-27870 |
|
Cross-Site Scripting (XSS) in CVE-2026-27870 (CVE-2026-27870)
cross-site scripting in CVE-2026-27870 (CVE-2026-27870). Risk of unauthorized operations or information disclosure.
|