Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-39567 Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
CVE-2026-39539 Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-39545 Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
CVE-2026-32967 Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
CVE-2026-32966 Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.4.2` or later.
CVE-2026-39433 Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-28615 Vulnerability in google (CVE-2026-28615)
vulnerability in google (CVE-2026-28615). Successful exploitation can lead to full system takeover.
CVE-2026-28587 Vulnerability in google (CVE-2026-28587)
vulnerability in google (CVE-2026-28587). Confidential information can be exposed externally.
CVE-2026-28575 Vulnerability in dos (CVE-2026-28575)
vulnerability in dos (CVE-2026-28575). Risk of unauthorized operations or information disclosure.
CVE-2026-39446 Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-39443 Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-27410 Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-27869 Vulnerability in dos (CVE-2026-27869)
vulnerability in dos (CVE-2026-27869). Risk of unauthorized operations or information disclosure.
CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-27400 Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
CVE-2026-25470 Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
CVE-2026-27870 Cross-Site Scripting (XSS) in CVE-2026-27870 (CVE-2026-27870)
cross-site scripting in CVE-2026-27870 (CVE-2026-27870). Risk of unauthorized operations or information disclosure.
CVE-2026-39438 Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
CVE-2026-28576 SQL Injection in sqli (CVE-2026-28576)
SQL injection in sqli (CVE-2026-28576). Confidential information can be exposed externally.
CVE-2026-27041 Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2026-25446 Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
CVE-2026-2604 Vulnerability in path-traversal (CVE-2026-2604)
vulnerability in path-traversal (CVE-2026-2604). Data can be tampered with by attackers.
CVE-2026-25439 Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-34895 Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2026-34893 Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-39522 Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
CVE-2026-34894 Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2026-22327 Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2026-22342 Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22325 Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-22338 Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
CVE-2026-22331 Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2026-22330 Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.
Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.
CVE-2026-22326 Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
CVE-2026-24575 Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-24611 Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610 Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-22343 Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-12466 Vulnerability in google (CVE-2026-12466)
vulnerability in google (CVE-2026-12466). Successful exploitation can lead to full system takeover.
CVE-2026-22334 Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-12468 Vulnerability in google (CVE-2026-12468)
vulnerability in google (CVE-2026-12468). Successful exploitation can lead to full system takeover.
CVE-2026-22329 Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
CVE-2026-22339 Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
CVE-2026-22328 Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-12467 Use-After-Free in Google chrome (CVE-2026-12467)
vulnerability in Google chrome (CVE-2026-12467). Successful exploitation can lead to full system takeover.
CVE-2026-22332 Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2026-22335 Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
CVE-2026-22340 Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
CVE-2026-12463 Cross-Site Scripting (XSS) in google (CVE-2026-12463)
cross-site scripting in google (CVE-2026-12463). Risk of unauthorized operations or information disclosure.
CVE-2026-12459 Cross-Site Scripting (XSS) in google (CVE-2026-12459)
cross-site scripting in google (CVE-2026-12459). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →