Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-45300 Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
CVE-2026-39079 Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
CVE-2026-26462 Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
CVE-2026-45627 Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
CVE-2026-45135 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-46510 Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-8785 Vulnerability in sqli (CVE-2026-8785)
vulnerability in sqli (CVE-2026-8785). Risk of unauthorized operations or information disclosure.
CVE-2026-8771 Vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771)
vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771). Risk of unauthorized operations or information disclosure.
CVE-2026-8759 Vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759)
vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759). Risk of unauthorized operations or information disclosure.
CVE-2018-25333 SQL Injection in sqli (CVE-2018-25333)
SQL injection in sqli (CVE-2018-25333). Confidential information can be exposed externally.
CVE-2018-25329 Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
CVE-2018-25326 Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
CVE-2018-25325 Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
CVE-2018-25319 SQL Injection in sqli (CVE-2018-25319)
SQL injection in sqli (CVE-2018-25319). Confidential information can be exposed externally.
CVE-2026-8751 Vulnerability in deserialization (CVE-2026-8751)
vulnerability in deserialization (CVE-2026-8751). Risk of unauthorized operations or information disclosure.
CVE-2021-47977 Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
CVE-2021-47976 Cross-Site Request Forgery (CSRF) in csrf (CVE-2021-47976)
vulnerability in csrf (CVE-2021-47976). Successful exploitation can lead to full system takeover.
CVE-2021-47979 Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
CVE-2021-47975 Cross-Site Scripting (XSS) in CVE-2021-47975 (CVE-2021-47975)
cross-site scripting in CVE-2021-47975 (CVE-2021-47975). Risk of unauthorized operations or information disclosure.
CVE-2021-47974 Vulnerability in c (CVE-2021-47974)
vulnerability in c (CVE-2021-47974). Successful exploitation can lead to full system takeover.
CVE-2021-47956 SQL Injection in sqli (CVE-2021-47956)
SQL injection in sqli (CVE-2021-47956). Confidential information can be exposed externally.
CVE-2021-47954 SQL Injection in sqli (CVE-2021-47954)
SQL injection in sqli (CVE-2021-47954). Confidential information can be exposed externally.
CVE-2020-37247 Vulnerability in c (CVE-2020-37247)
vulnerability in c (CVE-2020-37247). Successful exploitation can lead to full system takeover.
CVE-2020-37227 Unrestricted File Upload in CVE-2020-37227 (CVE-2020-37227)
vulnerability in CVE-2020-37227 (CVE-2020-37227). Successful exploitation can lead to full system takeover.
CVE-2026-46408 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2021-47966 PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
CVE-2021-47964 Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2021-47963 Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
CVE-2026-45578 OS Command Injection in WWBN/AVideo (CVE-2026-45578)
OS command injection in WWBN/AVideo (CVE-2026-45578). Successful exploitation can lead to full system takeover. Exploitable via ``on_publish.php``.
CVE-2026-45575 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
CVE-2026-45574 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
CVE-2026-46491 Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
CVE-2026-45036 OS Command Injection in tabby (CVE-2026-45036)
OS command injection in tabby (CVE-2026-45036). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
CVE-2026-45062 Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-44716 Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-40092 Vulnerability in nimiq-keys (CVE-2026-40092)
vulnerability in nimiq-keys (CVE-2026-40092). Risk of unauthorized operations or information disclosure. Exploitable via ``TaggedPublicKey``.
CVE-2026-46508 Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
CVE-2026-35194 Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
CVE-2026-38728 Vulnerability in smtp-server (CVE-2026-38728)
vulnerability in smtp-server (CVE-2026-38728). Risk of unauthorized operations or information disclosure. Exploitable via ``_remainder``. Mitigation: upgrade to `3.18.3` or later.
CVE-2026-34253 Vulnerability in c (CVE-2026-34253)
vulnerability in c (CVE-2026-34253). Risk of unauthorized operations or information disclosure.
CVE-2026-6228 Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2026-8585 Vulnerability in c (CVE-2026-8585)
vulnerability in c (CVE-2026-8585). Successful exploitation can lead to full system takeover.
CVE-2026-8519 Vulnerability in c (CVE-2026-8519)
vulnerability in c (CVE-2026-8519). Successful exploitation can lead to full system takeover.
CVE-2026-44673 Vulnerability in c (CVE-2026-44673)
vulnerability in c (CVE-2026-44673). Risk of unauthorized operations or information disclosure.
CVE-2026-45370 Vulnerability in utcp-cli (CVE-2026-45370)
vulnerability in utcp-cli (CVE-2026-45370). Confidential information can be exposed externally. Exploitable via ``cli_communication_protocol.py``. Mitigation: upgrade to `1.1.2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →