Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-35086 |
|
Code Injection in apache (CVE-2026-35086)
code injection in apache (CVE-2026-35086). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31986 |
|
Vulnerability in apache (CVE-2026-31986)
vulnerability in apache (CVE-2026-31986). Confidential information can be exposed externally.
|
| CVE-2026-31910 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
|
| CVE-2026-31909 |
|
Information Disclosure in apache (CVE-2026-31909)
vulnerability in apache (CVE-2026-31909). Confidential information can be exposed externally.
|
| CVE-2026-31906 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-31906)
cross-site scripting in apache (CVE-2026-31906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31388 |
|
Vulnerability in apache (CVE-2026-31388)
vulnerability in apache (CVE-2026-31388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31387 |
|
Authentication Bypass in apache (CVE-2026-31387)
authentication bypass in apache (CVE-2026-31387). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31380 |
|
Vulnerability in apache (CVE-2026-31380)
vulnerability in apache (CVE-2026-31380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31379 |
|
Path Traversal in apache (CVE-2026-31379)
path traversal in apache (CVE-2026-31379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31378 |
|
Vulnerability in apache (CVE-2026-31378)
vulnerability in apache (CVE-2026-31378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29226 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29220 |
|
Path Traversal in apache (CVE-2026-29220)
path traversal in apache (CVE-2026-29220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29207 |
|
Vulnerability in apache (CVE-2026-29207)
vulnerability in apache (CVE-2026-29207). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32312 |
|
Vulnerability in glpi-project (CVE-2026-32312)
vulnerability in glpi-project (CVE-2026-32312). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-46559 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46557 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46557)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46557). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46523 |
|
ImageMagick: Use-After-Free in MSL decoder.
ImageMagick: Use-After-Free in MSL decoder.
|
| CVE-2026-46522 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46521 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46520 |
|
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
|
| CVE-2026-45664 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45624 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45624)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45624). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45731 |
|
Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
|
| CVE-2026-29963 |
|
Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
|
| CVE-2026-29965 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29964 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29962 |
|
Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
|
| CVE-2026-45031 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45358 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45358)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45359 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45359)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45359). Confidential information can be exposed externally. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45701 |
|
Vulnerability in sulu/sulu (CVE-2026-45701)
vulnerability in sulu/sulu (CVE-2026-45701). Risk of unauthorized operations or information disclosure. Exploitable via ``User.php``. Mitigation: upgrade to `2.6.23` or later.
|
| CVE-2026-45660 |
|
SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
|
| CVE-2026-42326 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-42326)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-42326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-39079 |
|
Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45620 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45620)
vulnerability in WWBN/AVideo (CVE-2026-45620). Risk of unauthorized operations or information disclosure. Exploitable via ``d9cdc7024``.
|
| CVE-2026-8803 |
|
Vulnerability in CVE-2026-8803 (CVE-2026-8803)
vulnerability in CVE-2026-8803 (CVE-2026-8803). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8802 |
|
Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8785 |
|
Vulnerability in sqli (CVE-2026-8785)
vulnerability in sqli (CVE-2026-8785). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25335 |
|
Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8753 |
|
Vulnerability in CVE-2026-8753 (CVE-2026-8753)
vulnerability in CVE-2026-8753 (CVE-2026-8753). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25331 |
|
Cross-Site Scripting (XSS) in CVE-2018-25331 (CVE-2018-25331)
cross-site scripting in CVE-2018-25331 (CVE-2018-25331). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25326 |
|
Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
|
| CVE-2018-25333 |
|
SQL Injection in sqli (CVE-2018-25333)
SQL injection in sqli (CVE-2018-25333). Confidential information can be exposed externally.
|
| CVE-2018-25329 |
|
Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
|
| CVE-2018-25325 |
|
Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
|
| CVE-2018-25319 |
|
SQL Injection in sqli (CVE-2018-25319)
SQL injection in sqli (CVE-2018-25319). Confidential information can be exposed externally.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|