Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8730 |
|
Vulnerability in c (CVE-2026-8730)
vulnerability in c (CVE-2026-8730). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8731 |
|
Vulnerability in c (CVE-2026-8731)
vulnerability in c (CVE-2026-8731). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8728 |
|
Vulnerability in c (CVE-2026-8728)
vulnerability in c (CVE-2026-8728). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8724 |
|
Vulnerability in sqli (CVE-2026-8724)
vulnerability in sqli (CVE-2026-8724). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8723 |
|
Vulnerability in qs (CVE-2026-8723)
vulnerability in qs (CVE-2026-8723). Risk of unauthorized operations or information disclosure. Exploitable via ``qs.stringify``. Mitigation: upgrade to `0c180a4` or later.
|
| CVE-2021-47981 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2021-47981)
cross-site scripting in csrf (CVE-2021-47981). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47979 |
|
Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47977 |
|
Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
|
| CVE-2021-47976 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2021-47976)
vulnerability in csrf (CVE-2021-47976). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47975 |
|
Cross-Site Scripting (XSS) in CVE-2021-47975 (CVE-2021-47975)
cross-site scripting in CVE-2021-47975 (CVE-2021-47975). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47974 |
|
Vulnerability in c (CVE-2021-47974)
vulnerability in c (CVE-2021-47974). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47952 |
|
Code Injection in deserialization (CVE-2021-47952)
code injection in deserialization (CVE-2021-47952). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37247 |
|
Vulnerability in c (CVE-2020-37247)
vulnerability in c (CVE-2020-37247). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47934 |
|
Cross-Site Scripting (XSS) in CVE-2021-47934 (CVE-2021-47934)
cross-site scripting in CVE-2021-47934 (CVE-2021-47934). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47954 |
|
SQL Injection in sqli (CVE-2021-47954)
SQL injection in sqli (CVE-2021-47954). Confidential information can be exposed externally.
|
| CVE-2021-47955 |
|
Cross-Site Scripting (XSS) in CVE-2021-47955 (CVE-2021-47955)
cross-site scripting in CVE-2021-47955 (CVE-2021-47955). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47956 |
|
SQL Injection in sqli (CVE-2021-47956)
SQL injection in sqli (CVE-2021-47956). Confidential information can be exposed externally.
|
| CVE-2020-37240 |
|
Cross-Site Scripting (XSS) in CVE-2020-37240 (CVE-2020-37240)
cross-site scripting in CVE-2020-37240 (CVE-2020-37240). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37246 |
|
Vulnerability in path-traversal (CVE-2020-37246)
vulnerability in path-traversal (CVE-2020-37246). Confidential information can be exposed externally.
|
| CVE-2020-37235 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-37235)
cross-site scripting in wordpress (CVE-2020-37235). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37236 |
|
Cross-Site Scripting (XSS) in CVE-2020-37236 (CVE-2020-37236)
cross-site scripting in CVE-2020-37236 (CVE-2020-37236). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37238 |
|
Cross-Site Scripting (XSS) in CVE-2020-37238 (CVE-2020-37238)
cross-site scripting in CVE-2020-37238 (CVE-2020-37238). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37227 |
|
Unrestricted File Upload in CVE-2020-37227 (CVE-2020-37227)
vulnerability in CVE-2020-37227 (CVE-2020-37227). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67031 |
|
Code Injection in CVE-2025-67031 (CVE-2025-67031)
code injection in CVE-2025-67031 (CVE-2025-67031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46367 |
|
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
|
| CVE-2026-46408 |
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
|
| CVE-2026-46360 |
|
Cross-Site Scripting (XSS) in phpMyFAQ/phpMyFAQ (CVE-2026-46360)
cross-site scripting in phpMyFAQ/phpMyFAQ (CVE-2026-46360). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-46366 |
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
| CVE-2026-46361 |
|
Cross-Site Scripting (XSS) in thorsten/phpmyfaq (CVE-2026-46361)
cross-site scripting in thorsten/phpmyfaq (CVE-2026-46361). Confidential information can be exposed externally. Exploitable via ``search.twig``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-46359 |
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
| CVE-2026-45622 |
|
Cross-Site Scripting (XSS) in CVE-2026-45622 (CVE-2026-45622)
cross-site scripting in CVE-2026-45622 (CVE-2026-45622). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
|
| CVE-2026-45007 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-45007)
vulnerability in thorsten/phpmyfaq (CVE-2026-45007). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationTabController.php``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2021-47968 |
|
Cross-Site Scripting (XSS) in CVE-2021-47968 (CVE-2021-47968)
cross-site scripting in CVE-2021-47968 (CVE-2021-47968). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47967 |
|
Cross-Site Scripting (XSS) in c (CVE-2021-47967)
cross-site scripting in c (CVE-2021-47967). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47966 |
|
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
|
| CVE-2021-47964 |
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
|
| CVE-2021-47962 |
|
Cross-Site Scripting (XSS) in CVE-2021-47962 (CVE-2021-47962)
cross-site scripting in CVE-2021-47962 (CVE-2021-47962). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47963 |
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2021-47958 |
|
SSRF (Server-Side Request Forgery) in CVE-2021-47958 (CVE-2021-47958)
SSRF in CVE-2021-47958 (CVE-2021-47958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45619 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45619)
vulnerability in WWBN/AVideo (CVE-2026-45619). Confidential information can be exposed externally. Exploitable via ``EpgParser.php``.
|
| CVE-2026-45610 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45610)
vulnerability in WWBN/AVideo (CVE-2026-45610). Data can be tampered with by attackers. Exploitable via ``SameSite``.
|
| CVE-2026-45580 |
|
Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-45580)
cross-site scripting in WWBN/AVideo (CVE-2026-45580). Risk of unauthorized operations or information disclosure. Exploitable via ``echo``.
|
| CVE-2026-45578 |
|
OS Command Injection in WWBN/AVideo (CVE-2026-45578)
OS command injection in WWBN/AVideo (CVE-2026-45578). Successful exploitation can lead to full system takeover. Exploitable via ``on_publish.php``.
|
| CVE-2026-45575 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-23695 |
|
Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45574 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-46383 |
|
Path Traversal in apm-cli (CVE-2026-46383)
path traversal in apm-cli (CVE-2026-46383). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-46491 |
|
Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
|
| CVE-2026-45036 |
|
OS Command Injection in tabby (CVE-2026-45036)
OS command injection in tabby (CVE-2026-45036). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
|