Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-20272 |
|
SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
|
| CVE-2017-20280 |
|
SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
|
| CVE-2017-20264 |
|
SQL Injection in sqli (CVE-2017-20264)
SQL injection in sqli (CVE-2017-20264). Confidential information can be exposed externally.
|
| CVE-2017-20265 |
|
SQL Injection in sqli (CVE-2017-20265)
SQL injection in sqli (CVE-2017-20265). Confidential information can be exposed externally.
|
| CVE-2017-20262 |
|
SQL Injection in sqli (CVE-2017-20262)
SQL injection in sqli (CVE-2017-20262). Confidential information can be exposed externally.
|
| CVE-2017-20259 |
|
SQL Injection in sqli (CVE-2017-20259)
SQL injection in sqli (CVE-2017-20259). Confidential information can be exposed externally.
|
| CVE-2017-20263 |
|
SQL Injection in sqli (CVE-2017-20263)
SQL injection in sqli (CVE-2017-20263). Confidential information can be exposed externally.
|
| CVE-2017-20258 |
|
SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
|
| CVE-2017-20254 |
|
SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
|
| CVE-2017-20255 |
|
SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
|
| CVE-2017-20252 |
|
SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-49260 |
|
OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
|
| CVE-2026-52910 |
|
Out-of-Bounds Read in c (CVE-2026-52910)
vulnerability in c (CVE-2026-52910). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54353 |
|
Vulnerability in c (CVE-2023-54353)
vulnerability in c (CVE-2023-54353). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48716 |
|
Path Traversal in CVE-2026-48716 (CVE-2026-48716)
path traversal in CVE-2026-48716 (CVE-2026-48716). Data can be tampered with by attackers.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42487 |
|
Vulnerability in c (CVE-2026-42487)
vulnerability in c (CVE-2026-42487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-55602 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55602)
vulnerability in http-proxy-middleware (CVE-2026-55602). Data can be tampered with by attackers. Exploitable via ``router``. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50200 |
|
Information Disclosure in Steeltoe.Management.Endpoint (CVE-2026-50200)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50200). Confidential information can be exposed externally. Exploitable via ``Sanitizer``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-50194 |
|
Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-48997 |
|
OS Command Injection in c (CVE-2026-48997)
OS command injection in c (CVE-2026-48997). Data can be tampered with by attackers.
|
| CVE-2026-12529 |
|
Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12530 |
|
Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
|
| CVE-2026-48979 |
|
Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2025-26240 |
|
Vulnerability in pdfkit (CVE-2025-26240)
vulnerability in pdfkit (CVE-2025-26240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54415 |
|
Privilege Escalation in CVE-2026-54415 (CVE-2026-54415)
vulnerability in CVE-2026-54415 (CVE-2026-54415). Confidential information can be exposed externally.
|
| CVE-2026-55738 |
|
Vulnerability in c (CVE-2026-55738)
vulnerability in c (CVE-2026-55738). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54417 |
|
Vulnerability in c (CVE-2026-54417)
vulnerability in c (CVE-2026-54417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54814 |
|
Vulnerability in CVE-2026-54814 (CVE-2026-54814)
vulnerability in CVE-2026-54814 (CVE-2026-54814). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39576 |
|
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
|
| CVE-2026-39560 |
|
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
|
| CVE-2026-39445 |
|
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
|
| CVE-2026-40738 |
|
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
|
| CVE-2026-40756 |
|
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
|
| CVE-2026-40752 |
|
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
|
| CVE-2026-40757 |
|
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
|
| CVE-2026-40733 |
|
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
|