Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2026-46364 SQL Injection in thorsten/phpmyfaq (CVE-2026-46364)
SQL injection in thorsten/phpmyfaq (CVE-2026-46364). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/captcha`. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-46363 Cross-Site Scripting (XSS) in phpMyFAQ/phpMyFAQ (CVE-2026-46363)
cross-site scripting in phpMyFAQ/phpMyFAQ (CVE-2026-46363). Risk of unauthorized operations or information disclosure. Exploitable via ``FILTER_SANITIZE_SPECIAL_CHARS``. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-46361 Cross-Site Scripting (XSS) in thorsten/phpmyfaq (CVE-2026-46361)
cross-site scripting in thorsten/phpmyfaq (CVE-2026-46361). Confidential information can be exposed externally. Exploitable via ``search.twig``. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-46360 Cross-Site Scripting (XSS) in phpMyFAQ/phpMyFAQ (CVE-2026-46360)
cross-site scripting in phpMyFAQ/phpMyFAQ (CVE-2026-46360). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-45800 SQL Injection in sqli (CVE-2026-45800)
SQL injection in sqli (CVE-2026-45800). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
CVE-2026-45622 Cross-Site Scripting (XSS) in CVE-2026-45622 (CVE-2026-45622)
cross-site scripting in CVE-2026-45622 (CVE-2026-45622). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
CVE-2026-45008 Path Traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008)
path traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008). Data can be tampered with by attackers. Exploitable via ``clientFolder``. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-44826 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positive...
CVE-2026-44366 Cross-Site Scripting (XSS) in CVE-2026-44366 (CVE-2026-44366)
cross-site scripting in CVE-2026-44366 (CVE-2026-44366). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.1` or later.
CVE-2021-47964 Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
CVE-2021-47965 Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
CVE-2021-47966 PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
CVE-2021-47968 Cross-Site Scripting (XSS) in CVE-2021-47968 (CVE-2021-47968)
cross-site scripting in CVE-2021-47968 (CVE-2021-47968). Risk of unauthorized operations or information disclosure.
CVE-2021-47967 Cross-Site Scripting (XSS) in c (CVE-2021-47967)
cross-site scripting in c (CVE-2021-47967). Risk of unauthorized operations or information disclosure.
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2021-47963 Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
CVE-2021-47962 Cross-Site Scripting (XSS) in CVE-2021-47962 (CVE-2021-47962)
cross-site scripting in CVE-2021-47962 (CVE-2021-47962). Risk of unauthorized operations or information disclosure.
CVE-2026-45610 Vulnerability in WWBN/AVideo (CVE-2026-45610)
vulnerability in WWBN/AVideo (CVE-2026-45610). Data can be tampered with by attackers. Exploitable via ``SameSite``.
CVE-2026-45580 Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-45580)
cross-site scripting in WWBN/AVideo (CVE-2026-45580). Risk of unauthorized operations or information disclosure. Exploitable via ``echo``.
CVE-2026-8695 Use-After-Free in dos (CVE-2026-8695)
vulnerability in dos (CVE-2026-8695). Risk of unauthorized operations or information disclosure.
CVE-2026-23695 Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
CVE-2026-46491 Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
CVE-2026-45717 Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-44717 Code Injection in CVE-2026-44717 (CVE-2026-44717)
code injection in CVE-2026-44717 (CVE-2026-44717). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.1` or later.
CVE-2026-45035 OS Command Injection in tabby (CVE-2026-45035)
OS command injection in tabby (CVE-2026-45035). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
CVE-2026-44699 Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
CVE-2026-42458 Vulnerability in openmage/magento-lts (CVE-2026-42458)
vulnerability in openmage/magento-lts (CVE-2026-42458). Risk of unauthorized operations or information disclosure. Exploitable via ``Import``. Mitigation: upgrade to `20.18.0` or later.
CVE-2026-45062 Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-44716 Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-41147 Cross-Site Scripting (XSS) in nukeviet/nukeviet (CVE-2026-41147)
cross-site scripting in nukeviet/nukeviet (CVE-2026-41147). Confidential information can be exposed externally. Exploitable via ``srcdoc``.
CVE-2026-22810 Vulnerability in @joplin/onenote-converter (CVE-2026-22810)
vulnerability in @joplin/onenote-converter (CVE-2026-22810). Successful exploitation can lead to full system takeover. Exploitable via ``embedded_file.rs``. Mitigation: upgrade to `3.5.7` or later.
CVE-2026-45773 Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
CVE-2026-38728 Vulnerability in smtp-server (CVE-2026-38728)
vulnerability in smtp-server (CVE-2026-38728). Risk of unauthorized operations or information disclosure. Exploitable via ``_remainder``. Mitigation: upgrade to `3.18.3` or later.
CVE-2026-39053 XXE (XML External Entity) in ssrf (CVE-2026-39053)
vulnerability in ssrf (CVE-2026-39053). Risk of unauthorized operations or information disclosure.
CVE-2026-41553 OS Command Injection in dhtmlx (CVE-2026-41553)
OS command injection in dhtmlx (CVE-2026-41553). Successful exploitation can lead to full system takeover.
CVE-2026-7182 Path Traversal in path-traversal (CVE-2026-7182)
path traversal in path-traversal (CVE-2026-7182). Risk of unauthorized operations or information disclosure.
CVE-2026-41552 Path Traversal in path-traversal (CVE-2026-41552)
path traversal in path-traversal (CVE-2026-41552). Confidential information can be exposed externally.
CVE-2026-4683 Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
CVE-2026-44088 Unrestricted File Upload in CVE-2026-44088 (CVE-2026-44088)
vulnerability in CVE-2026-44088 (CVE-2026-44088). Risk of unauthorized operations or information disclosure.
CVE-2026-6228 Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
CVE-2026-5229 Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
CVE-2026-6403 Path Traversal in wordpress (CVE-2026-6403)
path traversal in wordpress (CVE-2026-6403). Confidential information can be exposed externally.
CVE-2026-7046 SQL Injection in wordpress (CVE-2026-7046)
SQL injection in wordpress (CVE-2026-7046). Confidential information can be exposed externally.
CVE-2026-6415 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2026-6646 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6646)
cross-site scripting in wordpress (CVE-2026-6646). Risk of unauthorized operations or information disclosure.
CVE-2026-41702 VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an...
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an...
CVE-2025-54518 Vulnerability in privilege-escalation (CVE-2025-54518)
vulnerability in privilege-escalation (CVE-2025-54518). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →