Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49763 |
|
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
|
| CVE-2026-49105 |
|
Unsafe Deserialization in CVE-2026-49105 (CVE-2026-49105)
vulnerability in CVE-2026-49105 (CVE-2026-49105). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49106 |
|
Unsafe Deserialization in CVE-2026-49106 (CVE-2026-49106)
vulnerability in CVE-2026-49106 (CVE-2026-49106). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49104 |
|
Unsafe Deserialization in CVE-2026-49104 (CVE-2026-49104)
vulnerability in CVE-2026-49104 (CVE-2026-49104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49085 |
|
Unsafe Deserialization in CVE-2026-49085 (CVE-2026-49085)
vulnerability in CVE-2026-49085 (CVE-2026-49085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49109 |
|
Unsafe Deserialization in CVE-2026-49109 (CVE-2026-49109)
vulnerability in CVE-2026-49109 (CVE-2026-49109). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48886 |
|
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
|
| CVE-2026-27053 |
|
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
|
| CVE-2026-50869 |
|
Path Traversal in path-traversal (CVE-2026-50869)
path traversal in path-traversal (CVE-2026-50869). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49952 |
|
Vulnerability in CVE-2026-49952 (CVE-2026-49952)
vulnerability in CVE-2026-49952 (CVE-2026-49952). Confidential information can be exposed externally.
|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2018-25436 |
|
Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12183 |
|
Authentication Bypass in CVE-2026-12183 (CVE-2026-12183)
authentication bypass in CVE-2026-12183 (CVE-2026-12183). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53609 |
|
Vulnerability in CVE-2026-53609 (CVE-2026-53609)
vulnerability in CVE-2026-53609 (CVE-2026-53609). Confidential information can be exposed externally. Exploitable via ``__proto__``.
|
| CVE-2026-50091 |
|
Vulnerability in c (CVE-2026-50091)
vulnerability in c (CVE-2026-50091). Confidential information can be exposed externally.
|
| CVE-2026-50090 |
|
Vulnerability in c (CVE-2026-50090)
vulnerability in c (CVE-2026-50090). Confidential information can be exposed externally.
|
| CVE-2026-50086 |
|
Vulnerability in c (CVE-2026-50086)
vulnerability in c (CVE-2026-50086). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50084 |
|
Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
|
| CVE-2026-50083 |
|
Vulnerability in c (CVE-2026-50083)
vulnerability in c (CVE-2026-50083). Confidential information can be exposed externally.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54133 |
|
Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-45060 |
|
SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38581 |
|
SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35273 KEV |
|
[KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-45328 |
|
Vulnerability in c (CVE-2026-45328)
vulnerability in c (CVE-2026-45328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38615 |
|
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
|
| CVE-2026-34691 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34691)
cross-site scripting in adobe (CVE-2026-34691). Confidential information can be exposed externally.
|
| CVE-2017-20251 |
|
Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9698 |
|
Out-of-Bounds Write in perl (CVE-2026-9698)
out-of-bounds write in perl (CVE-2026-9698). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40128 |
|
Vulnerability in path-traversal (CVE-2026-40128)
vulnerability in path-traversal (CVE-2026-40128). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11393 |
|
Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52778 |
|
Code Injection in dos (CVE-2026-52778)
code injection in dos (CVE-2026-52778). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46289 |
|
Vulnerability in c (CVE-2026-46289)
vulnerability in c (CVE-2026-46289). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54352 |
|
Vulnerability in wordpress (CVE-2023-54352)
vulnerability in wordpress (CVE-2023-54352). Successful exploitation can lead to full system takeover.
|
| CVE-2024-58348 |
|
Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10879 |
|
Out-of-Bounds Write in perl (CVE-2026-10879)
out-of-bounds write in perl (CVE-2026-10879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7763 |
|
Vulnerability in c (CVE-2026-7763)
vulnerability in c (CVE-2026-7763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11088 |
|
Vulnerability in c (CVE-2026-11088)
vulnerability in c (CVE-2026-11088). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71316 |
|
Vulnerability in c (CVE-2025-71316)
vulnerability in c (CVE-2025-71316). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48040 |
|
Out-of-Bounds Read in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040). Confidential information can be exposed externally. Exploitable via ``sun.misc.Unsafe``. Mitigation: upgrade to `0.0.22.Final` or later.
|
| CVE-2026-25550 |
|
Vulnerability in csharp (CVE-2026-25550)
vulnerability in csharp (CVE-2026-25550). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2026-43986 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
|
| CVE-2019-25738 |
|
Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25727 |
|
Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25729 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46244 |
|
Vulnerability in c (CVE-2026-46244)
vulnerability in c (CVE-2026-46244). Confidential information can be exposed externally.
|
| CVE-2026-5241 |
|
Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
|
| CVE-2026-47065 |
|
Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
|