Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-10093 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
CVE-2025-9912 Privilege Escalation in privilege-escalation (CVE-2025-9912)
vulnerability in privilege-escalation (CVE-2025-9912). Data can be tampered with by attackers.
CVE-2026-5667 Vulnerability in jvn (CVE-2026-5667)
vulnerability in jvn (CVE-2026-5667). Risk of unauthorized operations or information disclosure.
CVE-2026-6933 Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
CVE-2025-10262 Vulnerability in privilege-escalation (CVE-2025-10262)
vulnerability in privilege-escalation (CVE-2025-10262). Data can be tampered with by attackers.
CVE-2026-5149 Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
CVE-2026-9187 Vulnerability in wordpress (CVE-2026-9187)
vulnerability in wordpress (CVE-2026-9187). Risk of unauthorized operations or information disclosure.
CVE-2026-8443 SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
CVE-2026-50255 Vulnerability in CVE-2026-50255 (CVE-2026-50255)
vulnerability in CVE-2026-50255 (CVE-2026-50255). Successful exploitation can lead to full system takeover.
CVE-2026-10635 Use-After-Free in c (CVE-2026-10635)
vulnerability in c (CVE-2026-10635). Data can be tampered with by attackers.
CVE-2026-6964 Vulnerability in wordpress (CVE-2026-6964)
vulnerability in wordpress (CVE-2026-6964). Risk of unauthorized operations or information disclosure.
CVE-2026-7273 Vulnerability in CVE-2026-7273 (CVE-2026-7273)
vulnerability in CVE-2026-7273 (CVE-2026-7273). Successful exploitation can lead to full system takeover.
CVE-2026-1765 Out-of-Bounds Read in dos (CVE-2026-1765)
vulnerability in dos (CVE-2026-1765). Risk of unauthorized operations or information disclosure.
CVE-2026-1764 Out-of-Bounds Read in dos (CVE-2026-1764)
vulnerability in dos (CVE-2026-1764). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_performers_tags``.
CVE-2026-12161 OS Command Injection in devolutions (CVE-2026-12161)
OS command injection in devolutions (CVE-2026-12161). Successful exploitation can lead to full system takeover.
CVE-2026-9262 Vulnerability in canon (CVE-2026-9262)
vulnerability in canon (CVE-2026-9262). Confidential information can be exposed externally.
CVE-2026-9260 Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9259 Vulnerability in canon (CVE-2026-9259)
vulnerability in canon (CVE-2026-9259). Confidential information can be exposed externally.
CVE-2026-9258 Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-48853 Unsafe Deserialization in deserialization (CVE-2026-48853)
vulnerability in deserialization (CVE-2026-48853). Risk of unauthorized operations or information disclosure.
CVE-2026-48854 Vulnerability in CVE-2026-48854 (CVE-2026-48854)
vulnerability in CVE-2026-48854 (CVE-2026-48854). Risk of unauthorized operations or information disclosure.
CVE-2026-48723 OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
OS command injection in CVE-2026-48723 (CVE-2026-48723). Successful exploitation can lead to full system takeover.
CVE-2026-5064 Vulnerability in dos (CVE-2026-5064)
vulnerability in dos (CVE-2026-5064). Risk of unauthorized operations or information disclosure.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-48713 Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-48157 Cross-Site Scripting (XSS) in slim/slim (CVE-2026-48157)
cross-site scripting in slim/slim (CVE-2026-48157). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpNotFoundException``. Mitigation: upgrade to `4.15.2` or later.
CVE-2026-12087 Out-of-Bounds Read in CVE-2026-12087 (CVE-2026-12087)
vulnerability in CVE-2026-12087 (CVE-2026-12087). Confidential information can be exposed externally.
CVE-2026-49776 SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
CVE-2026-52693 Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVE-2026-52697 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
CVE-2026-52700 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
CVE-2026-52703 Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
CVE-2026-9691 Unsafe Deserialization in CVE-2026-9691 (CVE-2026-9691)
vulnerability in CVE-2026-9691 (CVE-2026-9691). Successful exploitation can lead to full system takeover.
CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2026-49765 Unsafe Deserialization in CVE-2026-49765 (CVE-2026-49765)
vulnerability in CVE-2026-49765 (CVE-2026-49765). Successful exploitation can lead to full system takeover.
CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVE-2026-49061 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
CVE-2026-49105 Unsafe Deserialization in CVE-2026-49105 (CVE-2026-49105)
vulnerability in CVE-2026-49105 (CVE-2026-49105). Successful exploitation can lead to full system takeover.
CVE-2026-49106 Unsafe Deserialization in CVE-2026-49106 (CVE-2026-49106)
vulnerability in CVE-2026-49106 (CVE-2026-49106). Successful exploitation can lead to full system takeover.
CVE-2026-49104 Unsafe Deserialization in CVE-2026-49104 (CVE-2026-49104)
vulnerability in CVE-2026-49104 (CVE-2026-49104). Successful exploitation can lead to full system takeover.
CVE-2026-49085 Unsafe Deserialization in CVE-2026-49085 (CVE-2026-49085)
vulnerability in CVE-2026-49085 (CVE-2026-49085). Successful exploitation can lead to full system takeover.
CVE-2026-49109 Unsafe Deserialization in CVE-2026-49109 (CVE-2026-49109)
vulnerability in CVE-2026-49109 (CVE-2026-49109). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →