Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-69111 |
|
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
|
| CVE-2025-60231 |
|
Unsafe Deserialization in deserialization (CVE-2025-60231)
vulnerability in deserialization (CVE-2025-60231). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60229 |
|
Unsafe Deserialization in deserialization (CVE-2025-60229)
vulnerability in deserialization (CVE-2025-60229). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69127 |
|
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
|
| CVE-2025-60236 |
|
Unsafe Deserialization in deserialization (CVE-2025-60236)
vulnerability in deserialization (CVE-2025-60236). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60230 |
|
Unsafe Deserialization in deserialization (CVE-2025-60230)
vulnerability in deserialization (CVE-2025-60230). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9690 |
|
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
|
| CVE-2026-8607 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8494 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-59554 |
|
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54188 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54195 |
|
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
|
| CVE-2026-54192 |
|
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
|
| CVE-2026-54189 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54187 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
|
| CVE-2026-54186 |
|
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
|
| CVE-2026-54185 |
|
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
|
| CVE-2026-54811 |
|
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
|
| CVE-2026-53876 |
|
OS Command Injection in CVE-2026-53876 (CVE-2026-53876)
OS command injection in CVE-2026-53876 (CVE-2026-53876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54804 |
|
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
|
| CVE-2026-52705 |
|
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
|
| CVE-2026-54803 |
|
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
|
| CVE-2026-54802 |
|
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
|
| CVE-2026-54194 |
|
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
|
| CVE-2026-52706 |
|
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54806 |
|
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
|
| CVE-2026-48616 |
|
Vulnerability in rocketchat (CVE-2026-48616)
vulnerability in rocketchat (CVE-2026-48616). Confidential information can be exposed externally.
|
| CVE-2026-49081 |
|
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
|
| CVE-2026-49072 |
|
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
|
| CVE-2026-49057 |
|
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
|
| CVE-2026-45436 |
|
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
|
| CVE-2026-49107 |
|
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
|
| CVE-2026-49075 |
|
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-48929 |
|
Authentication Bypass in rocketchat (CVE-2026-48929)
authentication bypass in rocketchat (CVE-2026-48929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50203 |
|
Path Traversal in apache-airflow-providers-sftp (CVE-2026-50203)
path traversal in apache-airflow-providers-sftp (CVE-2026-50203). Confidential information can be exposed externally. Exploitable via ``SFTPHook.retrieve_directory``. Mitigation: upgrade to `5.8.1` or later.
|
| CVE-2026-49113 |
|
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
|
| CVE-2026-49778 |
|
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
|
| CVE-2026-48869 |
|
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
|
| CVE-2026-49074 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-48875 |
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
|
| CVE-2026-49076 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-49073 |
|
SQL Injection in sqli (CVE-2026-49073)
SQL injection in sqli (CVE-2026-49073). Confidential information can be exposed externally.
|
| CVE-2026-49079 |
|
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
|
| CVE-2026-48967 |
|
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
|
| CVE-2026-49080 |
|
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
|
| CVE-2026-49084 |
|
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
|
| CVE-2026-47340 |
|
Information Disclosure in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-49767 |
|
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
|