Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11480 |
|
Vulnerability in sqli (CVE-2026-11480)
vulnerability in sqli (CVE-2026-11480). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11475 |
|
Vulnerability in sqli (CVE-2026-11475)
vulnerability in sqli (CVE-2026-11475). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11474 |
|
Vulnerability in CVE-2026-11474 (CVE-2026-11474)
vulnerability in CVE-2026-11474 (CVE-2026-11474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11471 |
|
Vulnerability in sqli (CVE-2026-11471)
vulnerability in sqli (CVE-2026-11471). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11472 |
|
Vulnerability in sqli (CVE-2026-11472)
vulnerability in sqli (CVE-2026-11472). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11462 |
|
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
|
| CVE-2026-11456 |
|
Vulnerability in sqli (CVE-2026-11456)
vulnerability in sqli (CVE-2026-11456). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7795 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
cross-site scripting in wordpress (CVE-2026-7795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7566 |
|
Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2500 |
|
Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
|
| CVE-2026-9281 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9290 |
|
Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
|
| CVE-2026-7654 |
|
Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
|
| CVE-2026-46400 |
|
Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46401 |
|
Vulnerability in CVE-2026-46401 (CVE-2026-46401)
vulnerability in CVE-2026-46401 (CVE-2026-46401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46493 |
|
Vulnerability in CVE-2026-46493 (CVE-2026-46493)
vulnerability in CVE-2026-46493 (CVE-2026-46493). Confidential information can be exposed externally. Exploitable via ``uniqid``.
|
| CVE-2026-46398 |
|
Vulnerability in CVE-2026-46398 (CVE-2026-46398)
vulnerability in CVE-2026-46398 (CVE-2026-46398). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46397 |
|
Path Traversal in CVE-2026-46397 (CVE-2026-46397)
path traversal in CVE-2026-46397 (CVE-2026-46397). Confidential information can be exposed externally.
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46399 |
|
Vulnerability in CVE-2026-46399 (CVE-2026-46399)
vulnerability in CVE-2026-46399 (CVE-2026-46399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46394 |
|
OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-46390 |
|
Vulnerability in CVE-2026-46390 (CVE-2026-46390)
vulnerability in CVE-2026-46390 (CVE-2026-46390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11344 |
|
Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11342 |
|
Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48112 |
|
Out-of-Bounds Read in 7-zip (CVE-2026-48112)
vulnerability in 7-zip (CVE-2026-48112). Confidential information can be exposed externally.
|
| CVE-2026-48111 |
|
Out-of-Bounds Read in cpp (CVE-2026-48111)
vulnerability in cpp (CVE-2026-48111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48103 |
|
Out-of-Bounds Read in cpp (CVE-2026-48103)
vulnerability in cpp (CVE-2026-48103). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48104 |
|
Out-of-Bounds Read in dos (CVE-2026-48104)
vulnerability in dos (CVE-2026-48104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11337 |
|
Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11336 |
|
Vulnerability in CVE-2026-11336 (CVE-2026-11336)
vulnerability in CVE-2026-11336 (CVE-2026-11336). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48101 |
|
Vulnerability in 7-zip (CVE-2026-48101)
vulnerability in 7-zip (CVE-2026-48101). Confidential information can be exposed externally.
|
| CVE-2026-48102 |
|
Out-of-Bounds Read in cpp (CVE-2026-48102)
vulnerability in cpp (CVE-2026-48102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11335 |
|
Vulnerability in CVE-2026-11335 (CVE-2026-11335)
vulnerability in CVE-2026-11335 (CVE-2026-11335). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11333 |
|
Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11334 |
|
Vulnerability in sqli (CVE-2026-11334)
vulnerability in sqli (CVE-2026-11334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38579 |
|
Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
cross-site scripting in CVE-2026-38579 (CVE-2026-38579). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48092 |
|
Out-of-Bounds Read in 7-zip (CVE-2026-48092)
vulnerability in 7-zip (CVE-2026-48092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48095 |
|
Vulnerability in dos (CVE-2026-48095)
vulnerability in dos (CVE-2026-48095). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48907 KEV |
|
[KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-11309 |
|
Vulnerability in google (CVE-2026-11309)
vulnerability in google (CVE-2026-11309). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11305 |
|
Use-After-Free in google (CVE-2026-11305)
vulnerability in google (CVE-2026-11305). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11306 |
|
Use-After-Free in google (CVE-2026-11306)
vulnerability in google (CVE-2026-11306). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11307 |
|
Use-After-Free in google (CVE-2026-11307)
vulnerability in google (CVE-2026-11307). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11308 |
|
Privilege Escalation in privilege-escalation (CVE-2026-11308)
vulnerability in privilege-escalation (CVE-2026-11308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11304 |
|
Use-After-Free in google (CVE-2026-11304)
vulnerability in google (CVE-2026-11304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11303 |
|
Use-After-Free in google (CVE-2026-11303)
vulnerability in google (CVE-2026-11303). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11302 |
|
Vulnerability in google (CVE-2026-11302)
vulnerability in google (CVE-2026-11302). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11299 |
|
Out-of-Bounds Read in google (CVE-2026-11299)
vulnerability in google (CVE-2026-11299). Confidential information can be exposed externally.
|