Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: products Clear
ID Title
CVE-2017-20280 SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
CVE-2017-20264 SQL Injection in sqli (CVE-2017-20264)
SQL injection in sqli (CVE-2017-20264). Confidential information can be exposed externally.
CVE-2017-20265 SQL Injection in sqli (CVE-2017-20265)
SQL injection in sqli (CVE-2017-20265). Confidential information can be exposed externally.
CVE-2017-20262 SQL Injection in sqli (CVE-2017-20262)
SQL injection in sqli (CVE-2017-20262). Confidential information can be exposed externally.
CVE-2017-20259 SQL Injection in sqli (CVE-2017-20259)
SQL injection in sqli (CVE-2017-20259). Confidential information can be exposed externally.
CVE-2017-20263 SQL Injection in sqli (CVE-2017-20263)
SQL injection in sqli (CVE-2017-20263). Confidential information can be exposed externally.
CVE-2017-20258 SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
CVE-2017-20254 SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
CVE-2017-20255 SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
CVE-2017-20252 SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
CVE-2026-49286 Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-49359 SSRF (Server-Side Request Forgery) in pontedilana/php-weasyprint (CVE-2026-49359)
SSRF in pontedilana/php-weasyprint (CVE-2026-49359). Confidential information can be exposed externally. Exploitable via ``attachment``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-49260 OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
CVE-2026-49230 Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
CVE-2026-49231 Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
CVE-2026-48895 Open Redirect in apache (CVE-2026-48895)
vulnerability in apache (CVE-2026-48895). Risk of unauthorized operations or information disclosure.
CVE-2026-49871 Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
CVE-2026-49872 Authentication Bypass in apache (CVE-2026-49872)
authentication bypass in apache (CVE-2026-49872). Confidential information can be exposed externally.
CVE-2026-44087 Vulnerability in apache (CVE-2026-44087)
vulnerability in apache (CVE-2026-44087). Confidential information can be exposed externally.
CVE-2026-39998 Vulnerability in apache (CVE-2026-39998)
vulnerability in apache (CVE-2026-39998). Successful exploitation can lead to full system takeover.
CVE-2026-44046 Vulnerability in apache (CVE-2026-44046)
vulnerability in apache (CVE-2026-44046). Risk of unauthorized operations or information disclosure.
CVE-2026-44915 Open Redirect in apache (CVE-2026-44915)
vulnerability in apache (CVE-2026-44915). Risk of unauthorized operations or information disclosure.
CVE-2026-47339 Authorization Flaw in apache (CVE-2026-47339)
vulnerability in apache (CVE-2026-47339). Confidential information can be exposed externally.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-47341 Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
CVE-2026-49358 Vulnerability in pontedilana/php-weasyprint (CVE-2026-49358)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49358). Risk of unauthorized operations or information disclosure. Exploitable via ``realpath``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-55767 Vulnerability in guzzlehttp/guzzle (CVE-2026-55767)
vulnerability in guzzlehttp/guzzle (CVE-2026-55767). Risk of unauthorized operations or information disclosure. Exploitable via ``CookieJar``. Mitigation: upgrade to `7.12.1` or later.
CVE-2026-55766 Vulnerability in guzzlehttp/psr7 (CVE-2026-55766)
vulnerability in guzzlehttp/psr7 (CVE-2026-55766). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `2.12.1` or later.
CVE-2026-55568 Vulnerability in guzzlehttp/guzzle (CVE-2026-55568)
vulnerability in guzzlehttp/guzzle (CVE-2026-55568). Confidential information can be exposed externally. Exploitable via ``proxy``. Mitigation: upgrade to `7.12.1` or later.
CVE-2026-7515 Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
CVE-2026-8118 Vulnerability in wordpress (CVE-2026-8118)
vulnerability in wordpress (CVE-2026-8118). Confidential information can be exposed externally.
CVE-2026-54414 Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
CVE-2026-8713 Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
CVE-2026-49257 Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-40457 Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
CVE-2026-40455 SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
CVE-2026-54419 SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
CVE-2026-9815 Vulnerability in wordpress (CVE-2026-9815)
vulnerability in wordpress (CVE-2026-9815). Risk of unauthorized operations or information disclosure.
CVE-2026-55745 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
CVE-2026-55746 Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
CVE-2026-55741 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
CVE-2026-55744 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
CVE-2026-55742 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
CVE-2026-55740 SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
CVE-2026-9860 Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
CVE-2026-48820 Path Traversal in cakephp/cakephp (CVE-2026-48820)
path traversal in cakephp/cakephp (CVE-2026-48820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.11` or later.
CVE-2026-12529 Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
CVE-2026-11407 Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
CVE-2026-48979 Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
CVE-2026-48822 Cross-Site Scripting (XSS) in CVE-2026-48822 (CVE-2026-48822)
cross-site scripting in CVE-2026-48822 (CVE-2026-48822). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →