Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2025-69174 Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
CVE-2025-69106 Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
CVE-2025-69120 Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
CVE-2025-69157 Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
CVE-2025-69123 Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
CVE-2025-69115 Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
CVE-2025-69166 Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
CVE-2025-69158 Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
CVE-2025-69126 Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
CVE-2025-69144 Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
CVE-2026-39590 Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
CVE-2025-69175 Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2026-39523 Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-39559 Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
CVE-2025-69164 Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
CVE-2025-66391 Vulnerability in CVE-2025-66391 (CVE-2025-66391)
vulnerability in CVE-2025-66391 (CVE-2025-66391). Successful exploitation can lead to full system takeover.
CVE-2026-9690 Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2025-69111 Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
CVE-2025-60231 Unsafe Deserialization in deserialization (CVE-2025-60231)
vulnerability in deserialization (CVE-2025-60231). Successful exploitation can lead to full system takeover.
CVE-2025-60229 Unsafe Deserialization in deserialization (CVE-2025-60229)
vulnerability in deserialization (CVE-2025-60229). Successful exploitation can lead to full system takeover.
CVE-2025-69127 Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
CVE-2025-60236 Unsafe Deserialization in deserialization (CVE-2025-60236)
vulnerability in deserialization (CVE-2025-60236). Successful exploitation can lead to full system takeover.
CVE-2025-60230 Unsafe Deserialization in deserialization (CVE-2025-60230)
vulnerability in deserialization (CVE-2025-60230). Successful exploitation can lead to full system takeover.
CVE-2026-8383 Vulnerability in wordpress (CVE-2026-8383)
vulnerability in wordpress (CVE-2026-8383). Risk of unauthorized operations or information disclosure. Exploitable via ``edit``.
CVE-2025-59554 Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
CVE-2026-8607 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
CVE-2026-9570 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
CVE-2026-8494 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
CVE-2026-54187 Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
CVE-2026-54186 Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
CVE-2026-54185 Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
CVE-2026-54811 Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2026-53876 OS Command Injection in CVE-2026-53876 (CVE-2026-53876)
OS command injection in CVE-2026-53876 (CVE-2026-53876). Successful exploitation can lead to full system takeover.
CVE-2026-8089 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
CVE-2026-54188 Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54195 Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54192 Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54189 Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-52705 Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
CVE-2026-54804 Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
CVE-2026-54194 Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2026-52706 Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
CVE-2026-54806 Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54803 Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54802 Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-48616 Vulnerability in rocketchat (CVE-2026-48616)
vulnerability in rocketchat (CVE-2026-48616). Confidential information can be exposed externally.
CVE-2026-48929 Authentication Bypass in rocketchat (CVE-2026-48929)
authentication bypass in rocketchat (CVE-2026-48929). Risk of unauthorized operations or information disclosure.
CVE-2026-50203 Path Traversal in apache-airflow-providers-sftp (CVE-2026-50203)
path traversal in apache-airflow-providers-sftp (CVE-2026-50203). Confidential information can be exposed externally. Exploitable via ``SFTPHook.retrieve_directory``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-49107 Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-49075 Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →