Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: products Clear
ID Title
CVE-2026-48811 Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-47123 Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-45294 Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
CVE-2026-49381 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49380 In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVE-2026-49379 In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
CVE-2026-49378 Vulnerability in jetbrains (CVE-2026-49378)
vulnerability in jetbrains (CVE-2026-49378). Risk of unauthorized operations or information disclosure.
CVE-2026-49377 In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
CVE-2026-49376 In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
CVE-2026-49375 Cross-Site Scripting (XSS) in jetbrains (CVE-2026-49375)
cross-site scripting in jetbrains (CVE-2026-49375). Risk of unauthorized operations or information disclosure.
CVE-2026-49374 Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
CVE-2026-49373 Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-39276 Path Traversal in path-traversal (CVE-2026-39276)
path traversal in path-traversal (CVE-2026-39276). Successful exploitation can lead to full system takeover.
CVE-2026-36324 Cross-Site Scripting (XSS) in CVE-2026-36324 (CVE-2026-36324)
cross-site scripting in CVE-2026-36324 (CVE-2026-36324). Risk of unauthorized operations or information disclosure.
CVE-2018-25404 SQL Injection in sqli (CVE-2018-25404)
SQL injection in sqli (CVE-2018-25404). Confidential information can be exposed externally.
CVE-2018-25403 SQL Injection in sqli (CVE-2018-25403)
SQL injection in sqli (CVE-2018-25403). Confidential information can be exposed externally.
CVE-2018-25402 SQL Injection in sqli (CVE-2018-25402)
SQL injection in sqli (CVE-2018-25402). Confidential information can be exposed externally.
CVE-2018-25397 Cross-Site Request Forgery (CSRF) in CVE-2018-25397 (CVE-2018-25397)
vulnerability in CVE-2018-25397 (CVE-2018-25397). Risk of unauthorized operations or information disclosure.
CVE-2018-25398 SQL Injection in sqli (CVE-2018-25398)
SQL injection in sqli (CVE-2018-25398). Confidential information can be exposed externally.
CVE-2018-25399 SQL Injection in sqli (CVE-2018-25399)
SQL injection in sqli (CVE-2018-25399). Confidential information can be exposed externally.
CVE-2018-25400 SQL Injection in sqli (CVE-2018-25400)
SQL injection in sqli (CVE-2018-25400). Confidential information can be exposed externally.
CVE-2018-25401 SQL Injection in sqli (CVE-2018-25401)
SQL injection in sqli (CVE-2018-25401). Confidential information can be exposed externally.
CVE-2018-25389 SQL Injection in sqli (CVE-2018-25389)
SQL injection in sqli (CVE-2018-25389). Confidential information can be exposed externally.
CVE-2018-25390 SQL Injection in sqli (CVE-2018-25390)
SQL injection in sqli (CVE-2018-25390). Confidential information can be exposed externally.
CVE-2018-25391 Vulnerability in CVE-2018-25391 (CVE-2018-25391)
vulnerability in CVE-2018-25391 (CVE-2018-25391). Data can be tampered with by attackers.
CVE-2018-25392 SQL Injection in sqli (CVE-2018-25392)
SQL injection in sqli (CVE-2018-25392). Confidential information can be exposed externally.
CVE-2018-25393 Path Traversal in path-traversal (CVE-2018-25393)
path traversal in path-traversal (CVE-2018-25393). Confidential information can be exposed externally.
CVE-2018-25394 SQL Injection in sqli (CVE-2018-25394)
SQL injection in sqli (CVE-2018-25394). Confidential information can be exposed externally.
CVE-2018-25395 SQL Injection in sqli (CVE-2018-25395)
SQL injection in sqli (CVE-2018-25395). Confidential information can be exposed externally.
CVE-2018-25382 SQL Injection in sqli (CVE-2018-25382)
SQL injection in sqli (CVE-2018-25382). Confidential information can be exposed externally.
CVE-2018-25384 Cross-Site Scripting (XSS) in CVE-2018-25384 (CVE-2018-25384)
cross-site scripting in CVE-2018-25384 (CVE-2018-25384). Risk of unauthorized operations or information disclosure.
CVE-2018-25385 SQL Injection in sqli (CVE-2018-25385)
SQL injection in sqli (CVE-2018-25385). Confidential information can be exposed externally.
CVE-2018-25386 SQL Injection in sqli (CVE-2018-25386)
SQL injection in sqli (CVE-2018-25386). Confidential information can be exposed externally.
CVE-2018-25387 Cross-Site Request Forgery (CSRF) in CVE-2018-25387 (CVE-2018-25387)
vulnerability in CVE-2018-25387 (CVE-2018-25387). Risk of unauthorized operations or information disclosure.
CVE-2018-25388 Unrestricted File Upload in CVE-2018-25388 (CVE-2018-25388)
vulnerability in CVE-2018-25388 (CVE-2018-25388). Successful exploitation can lead to full system takeover.
CVE-2026-48501 Authorization Flaw in github.com/cli/cli/v2 (CVE-2026-48501)
vulnerability in github.com/cli/cli/v2 (CVE-2026-48501). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2.93.0` or later.
CVE-2026-47696 Vulnerability in WWBN/AVideo (CVE-2026-47696)
vulnerability in WWBN/AVideo (CVE-2026-47696). Risk of unauthorized operations or information disclosure. Exploitable via ``amount``.
CVE-2026-46376 Vulnerability in sangoma (CVE-2026-46376)
vulnerability in sangoma (CVE-2026-46376). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.45` or later.
CVE-2026-44698 Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
CVE-2026-44239 Vulnerability in path-traversal (CVE-2026-44239)
vulnerability in path-traversal (CVE-2026-44239). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.22` or later.
CVE-2026-44237 Vulnerability in sangoma (CVE-2026-44237)
vulnerability in sangoma (CVE-2026-44237). Confidential information can be exposed externally. Mitigation: upgrade to `17.0.8` or later.
CVE-2026-44238 SQL Injection in sqli (CVE-2026-44238)
SQL injection in sqli (CVE-2026-44238). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.50` or later.
CVE-2026-48527 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-48527)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-48527). Confidential information can be exposed externally. Exploitable via `POST /system/api/saveNode`. Mitigation: upgrade to `26.0.1` or later.
CVE-2026-45551 Cross-Site Scripting (XSS) in CVE-2026-45551 (CVE-2026-45551)
cross-site scripting in CVE-2026-45551 (CVE-2026-45551). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.25` or later.
CVE-2026-9559 Path Traversal in mautic/core (CVE-2026-9559)
path traversal in mautic/core (CVE-2026-9559). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →