Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40725 |
|
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
|
| CVE-2026-40761 |
|
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
|
| CVE-2026-40760 |
|
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
|
| CVE-2026-42380 |
|
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
|
| CVE-2026-42385 |
|
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
|
| CVE-2026-40765 |
|
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
|
| CVE-2026-41557 |
|
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
|
| CVE-2026-39596 |
|
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
|
| CVE-2026-39597 |
|
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
|
| CVE-2026-39548 |
|
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
|
| CVE-2026-39598 |
|
Unrestricted File Upload in CVE-2026-39598 (CVE-2026-39598)
vulnerability in CVE-2026-39598 (CVE-2026-39598). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39589 |
|
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
|
| CVE-2026-39547 |
|
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
|
| CVE-2026-40721 |
|
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
|
| CVE-2026-39549 |
|
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
|
| CVE-2026-39582 |
|
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
|
| CVE-2026-39537 |
|
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
|
| CVE-2026-39558 |
|
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
|
| CVE-2026-39568 |
|
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
|
| CVE-2026-40723 |
|
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
|
| CVE-2026-40722 |
|
Vulnerability in CVE-2026-40722 (CVE-2026-40722)
vulnerability in CVE-2026-40722 (CVE-2026-40722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39595 |
|
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
|
| CVE-2026-39545 |
|
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
|
| CVE-2026-39539 |
|
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
|
| CVE-2026-39567 |
|
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
|
| CVE-2026-39578 |
|
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
|
| CVE-2026-39554 |
|
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
|
| CVE-2026-39573 |
|
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
|
| CVE-2026-39529 |
|
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
|
| CVE-2026-39557 |
|
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
|
| CVE-2026-39577 |
|
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
|
| CVE-2026-39580 |
|
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
|
| CVE-2026-32967 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-32966 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-27400 |
|
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
|
| CVE-2026-39433 |
|
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
|
| CVE-2026-28615 |
|
Vulnerability in google (CVE-2026-28615)
vulnerability in google (CVE-2026-28615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28587 |
|
Vulnerability in google (CVE-2026-28587)
vulnerability in google (CVE-2026-28587). Confidential information can be exposed externally.
|
| CVE-2026-25470 |
|
Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27869 |
|
Vulnerability in dos (CVE-2026-27869)
vulnerability in dos (CVE-2026-27869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27429 |
|
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
|
| CVE-2026-27410 |
|
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
|
| CVE-2026-39443 |
|
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
|
| CVE-2026-39446 |
|
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
|
| CVE-2026-28575 |
|
Vulnerability in dos (CVE-2026-28575)
vulnerability in dos (CVE-2026-28575). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39438 |
|
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
|
| CVE-2026-28576 |
|
SQL Injection in sqli (CVE-2026-28576)
SQL injection in sqli (CVE-2026-28576). Confidential information can be exposed externally.
|
| CVE-2026-27870 |
|
Cross-Site Scripting (XSS) in CVE-2026-27870 (CVE-2026-27870)
cross-site scripting in CVE-2026-27870 (CVE-2026-27870). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27041 |
|
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
|
| CVE-2026-25446 |
|
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
|