Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46366 |
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
| CVE-2026-46359 |
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
| CVE-2026-46364 |
|
SQL Injection in thorsten/phpmyfaq (CVE-2026-46364)
SQL injection in thorsten/phpmyfaq (CVE-2026-46364). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/captcha`. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-46363 |
|
Cross-Site Scripting (XSS) in phpMyFAQ/phpMyFAQ (CVE-2026-46363)
cross-site scripting in phpMyFAQ/phpMyFAQ (CVE-2026-46363). Risk of unauthorized operations or information disclosure. Exploitable via ``FILTER_SANITIZE_SPECIAL_CHARS``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-46361 |
|
Cross-Site Scripting (XSS) in thorsten/phpmyfaq (CVE-2026-46361)
cross-site scripting in thorsten/phpmyfaq (CVE-2026-46361). Confidential information can be exposed externally. Exploitable via ``search.twig``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-46360 |
|
Cross-Site Scripting (XSS) in phpMyFAQ/phpMyFAQ (CVE-2026-46360)
cross-site scripting in phpMyFAQ/phpMyFAQ (CVE-2026-46360). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-45800 |
|
SQL Injection in sqli (CVE-2026-45800)
SQL injection in sqli (CVE-2026-45800). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
|
| CVE-2026-45622 |
|
Cross-Site Scripting (XSS) in CVE-2026-45622 (CVE-2026-45622)
cross-site scripting in CVE-2026-45622 (CVE-2026-45622). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
|
| CVE-2026-45008 |
|
Path Traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008)
path traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008). Data can be tampered with by attackers. Exploitable via ``clientFolder``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-44826 |
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positive...
|
| CVE-2026-44366 |
|
Cross-Site Scripting (XSS) in CVE-2026-44366 (CVE-2026-44366)
cross-site scripting in CVE-2026-44366 (CVE-2026-44366). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.1` or later.
|
| CVE-2021-47964 |
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
|
| CVE-2021-47965 |
|
Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47966 |
|
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
|
| CVE-2021-47968 |
|
Cross-Site Scripting (XSS) in CVE-2021-47968 (CVE-2021-47968)
cross-site scripting in CVE-2021-47968 (CVE-2021-47968). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47967 |
|
Cross-Site Scripting (XSS) in c (CVE-2021-47967)
cross-site scripting in c (CVE-2021-47967). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2021-47963 |
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
|
| CVE-2021-47962 |
|
Cross-Site Scripting (XSS) in CVE-2021-47962 (CVE-2021-47962)
cross-site scripting in CVE-2021-47962 (CVE-2021-47962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45610 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45610)
vulnerability in WWBN/AVideo (CVE-2026-45610). Data can be tampered with by attackers. Exploitable via ``SameSite``.
|
| CVE-2026-45580 |
|
Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-45580)
cross-site scripting in WWBN/AVideo (CVE-2026-45580). Risk of unauthorized operations or information disclosure. Exploitable via ``echo``.
|
| CVE-2026-8695 |
|
Use-After-Free in dos (CVE-2026-8695)
vulnerability in dos (CVE-2026-8695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23695 |
|
Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46491 |
|
Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
|
| CVE-2026-45717 |
|
Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-44717 |
|
Code Injection in CVE-2026-44717 (CVE-2026-44717)
code injection in CVE-2026-44717 (CVE-2026-44717). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.1` or later.
|
| CVE-2026-45035 |
|
OS Command Injection in tabby (CVE-2026-45035)
OS command injection in tabby (CVE-2026-45035). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
|
| CVE-2026-44699 |
|
Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
|
| CVE-2026-42458 |
|
Vulnerability in openmage/magento-lts (CVE-2026-42458)
vulnerability in openmage/magento-lts (CVE-2026-42458). Risk of unauthorized operations or information disclosure. Exploitable via ``Import``. Mitigation: upgrade to `20.18.0` or later.
|
| CVE-2026-45062 |
|
Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
|
| CVE-2026-44716 |
|
Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-41147 |
|
Cross-Site Scripting (XSS) in nukeviet/nukeviet (CVE-2026-41147)
cross-site scripting in nukeviet/nukeviet (CVE-2026-41147). Confidential information can be exposed externally. Exploitable via ``srcdoc``.
|
| CVE-2026-22810 |
|
Vulnerability in @joplin/onenote-converter (CVE-2026-22810)
vulnerability in @joplin/onenote-converter (CVE-2026-22810). Successful exploitation can lead to full system takeover. Exploitable via ``embedded_file.rs``. Mitigation: upgrade to `3.5.7` or later.
|
| CVE-2026-45773 |
|
Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-38728 |
|
Vulnerability in smtp-server (CVE-2026-38728)
vulnerability in smtp-server (CVE-2026-38728). Risk of unauthorized operations or information disclosure. Exploitable via ``_remainder``. Mitigation: upgrade to `3.18.3` or later.
|
| CVE-2026-39053 |
|
XXE (XML External Entity) in ssrf (CVE-2026-39053)
vulnerability in ssrf (CVE-2026-39053). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41553 |
|
OS Command Injection in dhtmlx (CVE-2026-41553)
OS command injection in dhtmlx (CVE-2026-41553). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7182 |
|
Path Traversal in path-traversal (CVE-2026-7182)
path traversal in path-traversal (CVE-2026-7182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41552 |
|
Path Traversal in path-traversal (CVE-2026-41552)
path traversal in path-traversal (CVE-2026-41552). Confidential information can be exposed externally.
|
| CVE-2026-4683 |
|
Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44088 |
|
Unrestricted File Upload in CVE-2026-44088 (CVE-2026-44088)
vulnerability in CVE-2026-44088 (CVE-2026-44088). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6228 |
|
Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5229 |
|
Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6403 |
|
Path Traversal in wordpress (CVE-2026-6403)
path traversal in wordpress (CVE-2026-6403). Confidential information can be exposed externally.
|
| CVE-2026-7046 |
|
SQL Injection in wordpress (CVE-2026-7046)
SQL injection in wordpress (CVE-2026-7046). Confidential information can be exposed externally.
|
| CVE-2026-6415 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4094 |
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
| CVE-2026-6646 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6646)
cross-site scripting in wordpress (CVE-2026-6646). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41702 |
|
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an...
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an...
|
| CVE-2025-54518 |
|
Vulnerability in privilege-escalation (CVE-2025-54518)
vulnerability in privilege-escalation (CVE-2025-54518). Successful exploitation can lead to full system takeover.
|