Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
CVE-2026-49105 Unsafe Deserialization in CVE-2026-49105 (CVE-2026-49105)
vulnerability in CVE-2026-49105 (CVE-2026-49105). Successful exploitation can lead to full system takeover.
CVE-2026-49106 Unsafe Deserialization in CVE-2026-49106 (CVE-2026-49106)
vulnerability in CVE-2026-49106 (CVE-2026-49106). Successful exploitation can lead to full system takeover.
CVE-2026-49104 Unsafe Deserialization in CVE-2026-49104 (CVE-2026-49104)
vulnerability in CVE-2026-49104 (CVE-2026-49104). Successful exploitation can lead to full system takeover.
CVE-2026-49085 Unsafe Deserialization in CVE-2026-49085 (CVE-2026-49085)
vulnerability in CVE-2026-49085 (CVE-2026-49085). Successful exploitation can lead to full system takeover.
CVE-2026-49109 Unsafe Deserialization in CVE-2026-49109 (CVE-2026-49109)
vulnerability in CVE-2026-49109 (CVE-2026-49109). Successful exploitation can lead to full system takeover.
CVE-2026-48886 Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
CVE-2026-27053 Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
CVE-2026-50869 Path Traversal in path-traversal (CVE-2026-50869)
path traversal in path-traversal (CVE-2026-50869). Successful exploitation can lead to full system takeover.
CVE-2026-49952 Vulnerability in CVE-2026-49952 (CVE-2026-49952)
vulnerability in CVE-2026-49952 (CVE-2026-49952). Confidential information can be exposed externally.
CVE-2026-38329 Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
CVE-2018-25436 Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
CVE-2026-12183 Authentication Bypass in CVE-2026-12183 (CVE-2026-12183)
authentication bypass in CVE-2026-12183 (CVE-2026-12183). Successful exploitation can lead to full system takeover.
CVE-2026-53609 Vulnerability in CVE-2026-53609 (CVE-2026-53609)
vulnerability in CVE-2026-53609 (CVE-2026-53609). Confidential information can be exposed externally. Exploitable via ``__proto__``.
CVE-2026-50091 Vulnerability in c (CVE-2026-50091)
vulnerability in c (CVE-2026-50091). Confidential information can be exposed externally.
CVE-2026-50090 Vulnerability in c (CVE-2026-50090)
vulnerability in c (CVE-2026-50090). Confidential information can be exposed externally.
CVE-2026-50086 Vulnerability in c (CVE-2026-50086)
vulnerability in c (CVE-2026-50086). Successful exploitation can lead to full system takeover.
CVE-2026-50084 Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
CVE-2026-50083 Vulnerability in c (CVE-2026-50083)
vulnerability in c (CVE-2026-50083). Confidential information can be exposed externally.
CVE-2026-53787 Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
CVE-2026-54133 Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
CVE-2026-45060 SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
CVE-2026-38581 SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
CVE-2026-35273 KEV [KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-45558 Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
CVE-2026-45328 Vulnerability in c (CVE-2026-45328)
vulnerability in c (CVE-2026-45328). Successful exploitation can lead to full system takeover.
CVE-2026-38615 DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
CVE-2026-34691 Cross-Site Scripting (XSS) in adobe (CVE-2026-34691)
cross-site scripting in adobe (CVE-2026-34691). Confidential information can be exposed externally.
CVE-2017-20251 Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
CVE-2026-9698 Out-of-Bounds Write in perl (CVE-2026-9698)
out-of-bounds write in perl (CVE-2026-9698). Successful exploitation can lead to full system takeover.
CVE-2026-40128 Vulnerability in path-traversal (CVE-2026-40128)
vulnerability in path-traversal (CVE-2026-40128). Successful exploitation can lead to full system takeover.
CVE-2026-11393 Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
CVE-2026-52778 Code Injection in dos (CVE-2026-52778)
code injection in dos (CVE-2026-52778). Successful exploitation can lead to full system takeover.
CVE-2026-46289 Vulnerability in c (CVE-2026-46289)
vulnerability in c (CVE-2026-46289). Successful exploitation can lead to full system takeover.
CVE-2023-54352 Vulnerability in wordpress (CVE-2023-54352)
vulnerability in wordpress (CVE-2023-54352). Successful exploitation can lead to full system takeover.
CVE-2024-58348 Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
CVE-2026-10879 Out-of-Bounds Write in perl (CVE-2026-10879)
out-of-bounds write in perl (CVE-2026-10879). Successful exploitation can lead to full system takeover.
CVE-2026-7763 Vulnerability in c (CVE-2026-7763)
vulnerability in c (CVE-2026-7763). Successful exploitation can lead to full system takeover.
CVE-2026-11088 Vulnerability in c (CVE-2026-11088)
vulnerability in c (CVE-2026-11088). Successful exploitation can lead to full system takeover.
CVE-2025-71316 Vulnerability in c (CVE-2025-71316)
vulnerability in c (CVE-2025-71316). Successful exploitation can lead to full system takeover.
CVE-2026-48040 Out-of-Bounds Read in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040). Confidential information can be exposed externally. Exploitable via ``sun.misc.Unsafe``. Mitigation: upgrade to `0.0.22.Final` or later.
CVE-2026-25550 Vulnerability in csharp (CVE-2026-25550)
vulnerability in csharp (CVE-2026-25550). Successful exploitation can lead to full system takeover.
CVE-2026-50076 Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
CVE-2026-43986 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
CVE-2019-25738 Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
CVE-2019-25727 Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
CVE-2019-25729 Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
CVE-2026-46244 Vulnerability in c (CVE-2026-46244)
vulnerability in c (CVE-2026-46244). Confidential information can be exposed externally.
CVE-2026-5241 Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
CVE-2026-47065 Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →