Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-6228 Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
CVE-2026-5229 Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
CVE-2026-7563 Vulnerability in wordpress (CVE-2026-7563)
vulnerability in wordpress (CVE-2026-7563). Risk of unauthorized operations or information disclosure.
CVE-2026-6403 Path Traversal in wordpress (CVE-2026-6403)
path traversal in wordpress (CVE-2026-6403). Confidential information can be exposed externally.
CVE-2026-8425 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8425)
vulnerability in wordpress (CVE-2026-8425). Risk of unauthorized operations or information disclosure.
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2026-6646 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6646)
cross-site scripting in wordpress (CVE-2026-6646). Risk of unauthorized operations or information disclosure.
CVE-2026-27886 Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
CVE-2026-4029 Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
CVE-2026-4030 Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
CVE-2026-4031 Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
CVE-2026-22707 Unrestricted File Upload in @strapi/upload (CVE-2026-22707)
vulnerability in @strapi/upload (CVE-2026-22707). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/upload`. Mitigation: upgrade to `5.33.3` or later.
CVE-2026-6512 Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
CVE-2026-6504 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
CVE-2026-6206 Vulnerability in wordpress (CVE-2026-6206)
vulnerability in wordpress (CVE-2026-6206). Risk of unauthorized operations or information disclosure.
CVE-2026-6514 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
CVE-2026-6145 Vulnerability in wordpress (CVE-2026-6145)
vulnerability in wordpress (CVE-2026-6145). Risk of unauthorized operations or information disclosure.
CVE-2026-6174 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
cross-site scripting in wordpress (CVE-2026-6174). Risk of unauthorized operations or information disclosure.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-6670 Path Traversal in wordpress (CVE-2026-6670)
path traversal in wordpress (CVE-2026-6670). Confidential information can be exposed externally.
CVE-2026-5365 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-5365)
vulnerability in wordpress (CVE-2026-5365). Risk of unauthorized operations or information disclosure.
CVE-2026-5395 Vulnerability in wordpress (CVE-2026-5395)
vulnerability in wordpress (CVE-2026-5395). Confidential information can be exposed externally.
CVE-2026-6225 SQL Injection in wordpress (CVE-2026-6225)
SQL injection in wordpress (CVE-2026-6225). Confidential information can be exposed externally.
CVE-2026-6252 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
cross-site scripting in wordpress (CVE-2026-6252). Risk of unauthorized operations or information disclosure.
CVE-2026-6271 Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
CVE-2026-6506 Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
CVE-2026-3718 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
CVE-2026-3892 Vulnerability in wordpress (CVE-2026-3892)
vulnerability in wordpress (CVE-2026-3892). Data can be tampered with by attackers.
CVE-2026-5193 Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
CVE-2026-3694 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
cross-site scripting in wordpress (CVE-2026-3694). Risk of unauthorized operations or information disclosure.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-6417 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6417)
cross-site scripting in wordpress (CVE-2026-6417). Risk of unauthorized operations or information disclosure.
CVE-2026-5396 Vulnerability in wordpress (CVE-2026-5396)
vulnerability in wordpress (CVE-2026-5396). Confidential information can be exposed externally. Exploitable via ``form_id``.
CVE-2025-15345 Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.
CVE-2026-5243 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5243)
cross-site scripting in wordpress (CVE-2026-5243). Risk of unauthorized operations or information disclosure. Exploitable via ``menu_hover_click``.
CVE-2026-3829 Vulnerability in wordpress (CVE-2026-3829)
vulnerability in wordpress (CVE-2026-3829). Risk of unauthorized operations or information disclosure.
CVE-2026-7648 Vulnerability in wordpress (CVE-2026-7648)
vulnerability in wordpress (CVE-2026-7648). Risk of unauthorized operations or information disclosure.
CVE-2026-7525 Vulnerability in wordpress (CVE-2026-7525)
vulnerability in wordpress (CVE-2026-7525). Risk of unauthorized operations or information disclosure.
CVE-2026-5361 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5361)
cross-site scripting in wordpress (CVE-2026-5361). Risk of unauthorized operations or information disclosure.
CVE-2026-5486 SQL Injection in wordpress (CVE-2026-5486)
SQL injection in wordpress (CVE-2026-5486). Confidential information can be exposed externally.
CVE-2026-22706 Vulnerability in @strapi/admin (CVE-2026-22706)
vulnerability in @strapi/admin (CVE-2026-22706). Confidential information can be exposed externally. Exploitable via `POST /api/auth/refresh`. Mitigation: upgrade to `5.33.3` or later.
CVE-2026-22599 SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
CVE-2025-64526 Vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526)
vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526). Risk of unauthorized operations or information disclosure. Exploitable via ``ctx.request.body.email``. Mitigation: upgrade to `5.45.0` or later.
CVE-2026-8495 Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
CVE-2026-8493 Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
CVE-2026-8492 Vulnerability in drupal/gtranslate (CVE-2026-8492)
vulnerability in drupal/gtranslate (CVE-2026-8492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
CVE-2026-8491 Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
CVE-2020-37169 Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
CVE-2026-4607 Vulnerability in wordpress (CVE-2026-4607)
vulnerability in wordpress (CVE-2026-4607). Risk of unauthorized operations or information disclosure.
CVE-2026-4608 SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →