Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-27395 Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
CVE-2026-39438 Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
CVE-2026-28576 SQL Injection in sqli (CVE-2026-28576)
SQL injection in sqli (CVE-2026-28576). Confidential information can be exposed externally.
CVE-2026-2604 Vulnerability in path-traversal (CVE-2026-2604)
vulnerability in path-traversal (CVE-2026-2604). Data can be tampered with by attackers.
CVE-2026-27869 Vulnerability in dos (CVE-2026-27869)
vulnerability in dos (CVE-2026-27869). Risk of unauthorized operations or information disclosure.
CVE-2026-28575 Vulnerability in dos (CVE-2026-28575)
vulnerability in dos (CVE-2026-28575). Risk of unauthorized operations or information disclosure.
CVE-2026-27410 Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-22328 Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-22339 Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
CVE-2026-22329 Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
CVE-2026-22342 Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22332 Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2026-22335 Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
CVE-2026-22340 Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
CVE-2026-12449 Use-After-Free in privilege-escalation (CVE-2026-12449)
vulnerability in privilege-escalation (CVE-2026-12449). Successful exploitation can lead to full system takeover.
CVE-2026-12448 Privilege Escalation in privilege-escalation (CVE-2026-12448)
vulnerability in privilege-escalation (CVE-2026-12448). Successful exploitation can lead to full system takeover.
CVE-2026-11975 Cross-Site Scripting (XSS) in CVE-2026-11975 (CVE-2026-11975)
cross-site scripting in CVE-2026-11975 (CVE-2026-11975). Risk of unauthorized operations or information disclosure.
CVE-2026-12165 Privilege Escalation in wordpress (CVE-2026-12165)
vulnerability in wordpress (CVE-2026-12165). Successful exploitation can lead to full system takeover. Exploitable via ``RegistryUserRole``.
CVE-2026-11858 Vulnerability in csharp (CVE-2026-11858)
vulnerability in csharp (CVE-2026-11858). Risk of unauthorized operations or information disclosure.
CVE-2026-11857 Unsafe Deserialization in csharp (CVE-2026-11857)
vulnerability in csharp (CVE-2026-11857). Risk of unauthorized operations or information disclosure.
CVE-2026-12360 SQL Injection in wordpress (CVE-2026-12360)
SQL injection in wordpress (CVE-2026-12360). Confidential information can be exposed externally.
CVE-2026-10094 Path Traversal in path-traversal (CVE-2026-10094)
path traversal in path-traversal (CVE-2026-10094). Successful exploitation can lead to full system takeover.
CVE-2026-12199 Vulnerability in dos (CVE-2026-12199)
vulnerability in dos (CVE-2026-12199). Risk of unauthorized operations or information disclosure. Exploitable via ``nltk.app.wordnet_app``.
CVE-2026-0064 Vulnerability in dos (CVE-2026-0064)
vulnerability in dos (CVE-2026-0064). Risk of unauthorized operations or information disclosure.
CVE-2026-12115 Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
CVE-2025-69151 Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2025-69179 Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
CVE-2025-69135 Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2025-69104 Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-69138 Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
CVE-2025-59560 Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2024-49269 Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2025-31013 Cross-Site Scripting (XSS) in CVE-2025-31013 (CVE-2025-31013)
cross-site scripting in CVE-2025-31013 (CVE-2025-31013). Risk of unauthorized operations or information disclosure.
CVE-2024-34810 Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-34810)
vulnerability in csrf (CVE-2024-34810). Risk of unauthorized operations or information disclosure.
CVE-2024-35648 Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-35648)
vulnerability in csrf (CVE-2024-35648). Risk of unauthorized operations or information disclosure.
CVE-2025-59563 Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2024-32729 Path Traversal in path-traversal (CVE-2024-32729)
path traversal in path-traversal (CVE-2024-32729). Confidential information can be exposed externally.
CVE-2026-46932 Vulnerability in c (CVE-2026-46932)
vulnerability in c (CVE-2026-46932). Confidential information can be exposed externally.
CVE-2026-46914 Privilege Escalation in c (CVE-2026-46914)
vulnerability in c (CVE-2026-46914). Confidential information can be exposed externally.
CVE-2026-46910 Vulnerability in c (CVE-2026-46910)
vulnerability in c (CVE-2026-46910). Confidential information can be exposed externally.
CVE-2026-46897 Vulnerability in c (CVE-2026-46897)
vulnerability in c (CVE-2026-46897). Confidential information can be exposed externally.
CVE-2026-46901 Privilege Escalation in c (CVE-2026-46901)
vulnerability in c (CVE-2026-46901). Confidential information can be exposed externally.
CVE-2026-46866 Vulnerability in c (CVE-2026-46866)
vulnerability in c (CVE-2026-46866). Risk of unauthorized operations or information disclosure.
CVE-2026-46872 Vulnerability in c (CVE-2026-46872)
vulnerability in c (CVE-2026-46872). Data can be tampered with by attackers.
CVE-2026-46863 Vulnerability in c (CVE-2026-46863)
vulnerability in c (CVE-2026-46863). Risk of unauthorized operations or information disclosure.
CVE-2026-46858 Vulnerability in c (CVE-2026-46858)
vulnerability in c (CVE-2026-46858). Data can be tampered with by attackers.
CVE-2026-46862 Vulnerability in c (CVE-2026-46862)
vulnerability in c (CVE-2026-46862). Risk of unauthorized operations or information disclosure.
CVE-2026-46776 Vulnerability in c (CVE-2026-46776)
vulnerability in c (CVE-2026-46776). Data can be tampered with by attackers.
CVE-2026-46768 Vulnerability in c (CVE-2026-46768)
vulnerability in c (CVE-2026-46768). Risk of unauthorized operations or information disclosure.
CVE-2026-35314 Vulnerability in c (CVE-2026-35314)
vulnerability in c (CVE-2026-35314). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →