Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44161 |
|
SSRF (Server-Side Request Forgery) in fluentd (CVE-2026-44161)
SSRF in fluentd (CVE-2026-44161). Risk of unauthorized operations or information disclosure. Exploitable via ``out_http``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-44025 |
|
Vulnerability in fluentd (CVE-2026-44025)
vulnerability in fluentd (CVE-2026-44025). Confidential information can be exposed externally. Exploitable via ``in_monitor_agent``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-44024 |
|
Path Traversal in fluentd (CVE-2026-44024)
path traversal in fluentd (CVE-2026-44024). Successful exploitation can lead to full system takeover. Exploitable via ``path``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-9639 |
|
Vulnerability in dos (CVE-2026-9639)
vulnerability in dos (CVE-2026-9639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9640 |
|
Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12411 |
|
Vulnerability in canonical (CVE-2026-12411)
vulnerability in canonical (CVE-2026-12411). Confidential information can be exposed externally.
|
| CVE-2026-57660 |
|
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
|
| CVE-2026-57661 |
|
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
|
| CVE-2026-57649 |
|
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
|
| CVE-2026-57648 |
|
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
|
| CVE-2026-57654 |
|
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
|
| CVE-2026-57645 |
|
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
|
| CVE-2026-57640 |
|
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
|
| CVE-2026-57647 |
|
Vulnerability in CVE-2026-57647 (CVE-2026-57647)
vulnerability in CVE-2026-57647 (CVE-2026-57647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57657 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
|
| CVE-2026-57655 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
|
| CVE-2026-57659 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57659)
vulnerability in csrf (CVE-2026-57659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57641 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
|
| CVE-2026-9699 |
|
Vulnerability in CVE-2026-9699 (CVE-2026-9699)
vulnerability in CVE-2026-9699 (CVE-2026-9699). Confidential information can be exposed externally.
|
| CVE-2026-57658 |
|
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
|
| CVE-2026-57664 |
|
Vulnerability in CVE-2026-57664 (CVE-2026-57664)
vulnerability in CVE-2026-57664 (CVE-2026-57664). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57638 |
|
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
|
| CVE-2026-57656 |
|
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
|
| CVE-2026-57650 |
|
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
|
| CVE-2026-57651 |
|
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
|
| CVE-2026-57662 |
|
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
|
| CVE-2026-57667 |
|
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
|
| CVE-2026-57663 |
|
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
|
| CVE-2026-57653 |
|
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
|
| CVE-2026-57644 |
|
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
|
| CVE-2026-57643 |
|
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
|
| CVE-2026-57642 |
|
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Contributor SQL Injection in Gallery <= 4.7.8 versions.
|
| CVE-2026-57312 |
|
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
|
| CVE-2026-56072 |
|
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
|
| CVE-2026-57314 |
|
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
|
| CVE-2026-57313 |
|
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
|
| CVE-2026-57319 |
|
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
|
| CVE-2026-57317 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
|
| CVE-2026-57617 |
|
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
|
| CVE-2026-57325 |
|
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
|
| CVE-2026-57322 |
|
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
|
| CVE-2026-57618 |
|
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
|
| CVE-2026-57431 |
|
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
|
| CVE-2026-57629 |
|
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
|
| CVE-2026-57636 |
|
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
|
| CVE-2026-57628 |
|
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
|
| CVE-2026-57631 |
|
Administrator SQL Injection in Popup box <= 6.0.1 versions.
Administrator SQL Injection in Popup box <= 6.0.1 versions.
|
| CVE-2026-56068 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
|
| CVE-2026-56067 |
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
|
| CVE-2026-56070 |
|
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
|