Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13749 |
|
Code Injection in snowflake (CVE-2026-13749)
code injection in snowflake (CVE-2026-13749). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13746 |
|
SQL Injection in snowflake (CVE-2026-13746)
SQL injection in snowflake (CVE-2026-13746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13744 |
|
SQL Injection in snowflake (CVE-2026-13744)
SQL injection in snowflake (CVE-2026-13744). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41052 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-41052)
vulnerability in github.com/rancher/rancher (CVE-2026-41052). Successful exploitation can lead to full system takeover. Exploitable via ``privileged``. Mitigation: upgrade to `0.0.0-20260513182521-2800aaac25b5` or later.
|
| CVE-2026-13750 |
|
Vulnerability in snowflake (CVE-2026-13750)
vulnerability in snowflake (CVE-2026-13750). Confidential information can be exposed externally.
|
| CVE-2026-13742 |
|
Vulnerability in CVE-2026-13742 (CVE-2026-13742)
vulnerability in CVE-2026-13742 (CVE-2026-13742). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13587 |
|
Buffer Overflow in c (CVE-2026-13587)
vulnerability in c (CVE-2026-13587). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13583 |
|
Buffer Overflow in CVE-2026-13583 (CVE-2026-13583)
vulnerability in CVE-2026-13583 (CVE-2026-13583). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13582 |
|
Buffer Overflow in CVE-2026-13582 (CVE-2026-13582)
vulnerability in CVE-2026-13582 (CVE-2026-13582). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13580 |
|
Buffer Overflow in CVE-2026-13580 (CVE-2026-13580)
vulnerability in CVE-2026-13580 (CVE-2026-13580). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13581 |
|
Command Injection in CVE-2026-13581 (CVE-2026-13581)
command injection in CVE-2026-13581 (CVE-2026-13581). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57320 |
|
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
|
| CVE-2026-57326 |
|
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
|
| CVE-2026-57328 |
|
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
|
| CVE-2026-57333 |
|
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
|
| CVE-2026-57337 |
|
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
|
| CVE-2026-57336 |
|
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
|
| CVE-2026-57329 |
|
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
|
| CVE-2026-57330 |
|
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
|
| CVE-2026-57338 |
|
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
|
| CVE-2026-56124 |
|
Vulnerability in CVE-2026-56124 (CVE-2026-56124)
vulnerability in CVE-2026-56124 (CVE-2026-56124). Confidential information can be exposed externally.
|
| CVE-2026-57334 |
|
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
|
| CVE-2026-57339 |
|
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
|
| CVE-2026-57340 |
|
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
|
| CVE-2026-57327 |
|
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
|
| CVE-2026-57335 |
|
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
|
| CVE-2026-57332 |
|
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
|
| CVE-2026-57331 |
|
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
|
| CVE-2026-56290 KEV |
|
[KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-13573 |
|
Buffer Overflow in cpp (CVE-2026-13573)
vulnerability in cpp (CVE-2026-13573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13574 |
|
Buffer Overflow in cpp (CVE-2026-13574)
vulnerability in cpp (CVE-2026-13574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49049 |
|
Vulnerability in ollyo (CVE-2026-49049)
vulnerability in ollyo (CVE-2026-49049). Data can be tampered with by attackers.
|
| CVE-2026-13579 |
|
Vulnerability in sqli (CVE-2026-13579)
vulnerability in sqli (CVE-2026-13579). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13578 |
|
Vulnerability in sqli (CVE-2026-13578)
vulnerability in sqli (CVE-2026-13578). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13572 |
|
Vulnerability in sqli (CVE-2026-13572)
vulnerability in sqli (CVE-2026-13572). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55607 |
|
Path Traversal in anthropic (CVE-2026-55607)
path traversal in anthropic (CVE-2026-55607). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.163` or later.
|
| CVE-2026-56457 |
|
Vulnerability in hcltechsw (CVE-2026-56457)
vulnerability in hcltechsw (CVE-2026-56457). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54371 |
|
Vulnerability in privilege-escalation (CVE-2026-54371)
vulnerability in privilege-escalation (CVE-2026-54371). Confidential information can be exposed externally.
|
| CVE-2026-54369 |
|
Vulnerability in privilege-escalation (CVE-2026-54369)
vulnerability in privilege-escalation (CVE-2026-54369). Confidential information can be exposed externally.
|
| CVE-2026-54370 |
|
Vulnerability in privilege-escalation (CVE-2026-54370)
vulnerability in privilege-escalation (CVE-2026-54370). Confidential information can be exposed externally.
|
| CVE-2026-40524 |
|
SQL Injection in sqli (CVE-2026-40524)
SQL injection in sqli (CVE-2026-40524). Confidential information can be exposed externally.
|
| CVE-2026-40523 |
|
SQL Injection in sqli (CVE-2026-40523)
SQL injection in sqli (CVE-2026-40523). Confidential information can be exposed externally.
|
| CVE-2026-40522 |
|
SQL Injection in sqli (CVE-2026-40522)
SQL injection in sqli (CVE-2026-40522). Confidential information can be exposed externally.
|
| CVE-2026-40521 |
|
Path Traversal in path-traversal (CVE-2026-40521)
path traversal in path-traversal (CVE-2026-40521). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13568 |
|
Vulnerability in CVE-2026-13568 (CVE-2026-13568)
vulnerability in CVE-2026-13568 (CVE-2026-13568). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13569 |
|
Vulnerability in sqli (CVE-2026-13569)
vulnerability in sqli (CVE-2026-13569). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13567 |
|
Cross-Site Scripting (XSS) in CVE-2026-13567 (CVE-2026-13567)
cross-site scripting in CVE-2026-13567 (CVE-2026-13567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13570 |
|
Cross-Site Scripting (XSS) in CVE-2026-13570 (CVE-2026-13570)
cross-site scripting in CVE-2026-13570 (CVE-2026-13570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13676 |
|
Vulnerability in openjsf (CVE-2026-13676)
vulnerability in openjsf (CVE-2026-13676). Data can be tampered with by attackers.
|
| CVE-2026-13566 |
|
Vulnerability in sqli (CVE-2026-13566)
vulnerability in sqli (CVE-2026-13566). Risk of unauthorized operations or information disclosure.
|