Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46624 |
|
OS Command Injection in sqli (CVE-2026-46624)
OS command injection in sqli (CVE-2026-46624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48898 |
|
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
|
| CVE-2026-48899 |
|
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
|
| CVE-2026-35222 |
|
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
|
| CVE-2026-35221 |
|
SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-4480 |
|
OS Command Injection in redhat (CVE-2026-4480)
OS command injection in redhat (CVE-2026-4480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45247 KEV |
|
[KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-42774 |
|
SQL Injection in sqli (CVE-2026-42774)
SQL injection in sqli (CVE-2026-42774). Confidential information can be exposed externally.
|
| CVE-2026-42773 |
|
SQL Injection in sqli (CVE-2026-42773)
SQL injection in sqli (CVE-2026-42773). Confidential information can be exposed externally.
|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2026-41104 |
|
Unsafe Deserialization in deserialization (CVE-2026-41104)
vulnerability in deserialization (CVE-2026-41104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33843 |
|
Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
|
| CVE-2026-39821 |
|
Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-34909 KEV |
|
[KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-39531 |
|
SQL Injection in sqli (CVE-2026-39531)
SQL injection in sqli (CVE-2026-39531). Confidential information can be exposed externally.
|
| CVE-2026-5118 |
|
Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5433 |
|
Vulnerability in CVE-2026-5433 (CVE-2026-5433)
vulnerability in CVE-2026-5433 (CVE-2026-5433). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44050 |
|
Vulnerability in dos (CVE-2026-44050)
vulnerability in dos (CVE-2026-44050). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-48172 KEV |
|
[KEV] Vulnerability in Litespeed privilege-escalation (CVE-2026-48172)
vulnerability in Litespeed privilege-escalation (CVE-2026-48172). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-9141 |
|
Vulnerability in CVE-2026-9141 (CVE-2026-9141)
vulnerability in CVE-2026-9141 (CVE-2026-9141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33278 |
|
Use-After-Free in dos (CVE-2026-33278)
vulnerability in dos (CVE-2026-33278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24207 |
|
Vulnerability in dos (CVE-2026-24207)
vulnerability in dos (CVE-2026-24207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7284 |
|
Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-2586 |
|
Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-45721 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-47323 |
|
Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45434 |
|
Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45230 |
|
Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
|
| CVE-2026-41948 |
|
Vulnerability in path-traversal (CVE-2026-41948)
vulnerability in path-traversal (CVE-2026-41948). Confidential information can be exposed externally.
|
| CVE-2026-7302 |
|
Vulnerability in sglang (CVE-2026-7302)
vulnerability in sglang (CVE-2026-7302). Data can be tampered with by attackers.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7301 |
|
Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8507 |
|
Out-of-Bounds Write in CVE-2026-8507 (CVE-2026-8507)
out-of-bounds write in CVE-2026-8507 (CVE-2026-8507). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25332 |
|
Vulnerability in gitbucket (CVE-2018-25332)
vulnerability in gitbucket (CVE-2018-25332). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47952 |
|
Code Injection in deserialization (CVE-2021-47952)
code injection in deserialization (CVE-2021-47952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46703 |
|
Path Traversal in boxlite (CVE-2026-46703)
path traversal in boxlite (CVE-2026-46703). Successful exploitation can lead to full system takeover. Exploitable via ``apply_oci_layer``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-46364 |
|
SQL Injection in thorsten/phpmyfaq (CVE-2026-46364)
SQL injection in thorsten/phpmyfaq (CVE-2026-46364). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/captcha`. Mitigation: upgrade to `4.1.2` or later.
|