Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12313 |
|
Privilege Escalation in mozilla (CVE-2026-12313)
vulnerability in mozilla (CVE-2026-12313). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12310 |
|
Buffer Overflow in mozilla (CVE-2026-12310)
vulnerability in mozilla (CVE-2026-12310). Confidential information can be exposed externally.
|
| CVE-2026-12312 |
|
Buffer Overflow in mozilla (CVE-2026-12312)
vulnerability in mozilla (CVE-2026-12312). Confidential information can be exposed externally.
|
| CVE-2026-12309 |
|
Buffer Overflow in mozilla (CVE-2026-12309)
vulnerability in mozilla (CVE-2026-12309). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12308 |
|
Buffer Overflow in mozilla (CVE-2026-12308)
vulnerability in mozilla (CVE-2026-12308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12307 |
|
Buffer Overflow in mozilla (CVE-2026-12307)
vulnerability in mozilla (CVE-2026-12307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12306 |
|
Buffer Overflow in mozilla (CVE-2026-12306)
vulnerability in mozilla (CVE-2026-12306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12305 |
|
Buffer Overflow in mozilla (CVE-2026-12305)
vulnerability in mozilla (CVE-2026-12305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12301 |
|
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12300 |
|
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12302 |
|
Vulnerability in mozilla (CVE-2026-12302)
vulnerability in mozilla (CVE-2026-12302). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12299 |
|
Vulnerability in mozilla (CVE-2026-12299)
vulnerability in mozilla (CVE-2026-12299). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12303 |
|
Out-of-Bounds Read in mozilla (CVE-2026-12303)
vulnerability in mozilla (CVE-2026-12303). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12298 |
|
Out-of-Bounds Read in mozilla (CVE-2026-12298)
vulnerability in mozilla (CVE-2026-12298). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12293 |
|
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12291 |
|
Use-After-Free in mozilla (CVE-2026-12291)
vulnerability in mozilla (CVE-2026-12291). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12297 |
|
Buffer Overflow in mozilla (CVE-2026-12297)
vulnerability in mozilla (CVE-2026-12297). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12290 |
|
Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
|
| CVE-2026-12292 |
|
Buffer Overflow in mozilla (CVE-2026-12292)
vulnerability in mozilla (CVE-2026-12292). Confidential information can be exposed externally.
|
| CVE-2026-12294 |
|
Vulnerability in mozilla (CVE-2026-12294)
vulnerability in mozilla (CVE-2026-12294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12295 |
|
Vulnerability in mozilla (CVE-2026-12295)
vulnerability in mozilla (CVE-2026-12295). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12296 |
|
Vulnerability in mozilla (CVE-2026-12296)
vulnerability in mozilla (CVE-2026-12296). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12289 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10829 |
|
Vulnerability in CVE-2026-10829 (CVE-2026-10829)
vulnerability in CVE-2026-10829 (CVE-2026-10829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40750 |
|
Unrestricted File Upload in CVE-2026-40750 (CVE-2026-40750)
vulnerability in CVE-2026-40750 (CVE-2026-40750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12225 |
|
Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-8484 |
|
Vulnerability in dos (CVE-2026-8484)
vulnerability in dos (CVE-2026-8484). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10828 |
|
Vulnerability in CVE-2026-10828 (CVE-2026-10828)
vulnerability in CVE-2026-10828 (CVE-2026-10828). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-54190 |
|
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
|
| CVE-2026-52714 |
|
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
|
| CVE-2026-52715 |
|
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
|
| CVE-2026-5416 |
|
OS Command Injection in CVE-2026-5416 (CVE-2026-5416)
OS command injection in CVE-2026-5416 (CVE-2026-5416). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54198 |
|
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
|
| CVE-2026-54191 |
|
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49774 |
|
Code Injection in CVE-2026-49774 (CVE-2026-49774)
code injection in CVE-2026-49774 (CVE-2026-49774). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52711 |
|
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
|
| CVE-2026-40809 |
|
Vulnerability in CVE-2026-40809 (CVE-2026-40809)
vulnerability in CVE-2026-40809 (CVE-2026-40809). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39490 |
|
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
|
| CVE-2026-39574 |
|
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
|
| CVE-2026-39581 |
|
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
|
| CVE-2026-49772 |
|
SQL Injection in sqli (CVE-2026-49772)
SQL injection in sqli (CVE-2026-49772). Confidential information can be exposed externally.
|
| CVE-2026-52712 |
|
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
|
| CVE-2026-39437 |
|
Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10825 |
|
Vulnerability in CVE-2026-10825 (CVE-2026-10825)
vulnerability in CVE-2026-10825 (CVE-2026-10825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2381 |
|
Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
|
| CVE-2025-68045 |
|
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46331 |
|
Vulnerability in linux (CVE-2026-46331)
vulnerability in linux (CVE-2026-46331). Successful exploitation can lead to full system takeover.
|