Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12312 |
|
Buffer Overflow in mozilla (CVE-2026-12312)
vulnerability in mozilla (CVE-2026-12312). Confidential information can be exposed externally.
|
| CVE-2026-12305 |
|
Buffer Overflow in mozilla (CVE-2026-12305)
vulnerability in mozilla (CVE-2026-12305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12290 |
|
Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
|
| CVE-2026-12289 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12291 |
|
Use-After-Free in mozilla (CVE-2026-12291)
vulnerability in mozilla (CVE-2026-12291). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12292 |
|
Buffer Overflow in mozilla (CVE-2026-12292)
vulnerability in mozilla (CVE-2026-12292). Confidential information can be exposed externally.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42687 |
|
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
|
| CVE-2026-39532 |
|
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
|
| CVE-2026-39498 |
|
Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.
Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.
|
| CVE-2026-39499 |
|
Unsafe Deserialization in CVE-2026-39499 (CVE-2026-39499)
vulnerability in CVE-2026-39499 (CVE-2026-39499). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39481 |
|
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
|
| CVE-2026-39472 |
|
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
|
| CVE-2026-39478 |
|
Unsafe Deserialization in CVE-2026-39478 (CVE-2026-39478)
vulnerability in CVE-2026-39478 (CVE-2026-39478). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39471 |
|
Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.
Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.
|
| CVE-2026-39474 |
|
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
|
| CVE-2026-39434 |
|
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-36670 |
|
SQL Injection in sqli (CVE-2026-36670)
SQL injection in sqli (CVE-2026-36670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53571 |
|
Path Traversal in vite (CVE-2026-53571)
path traversal in vite (CVE-2026-53571). Confidential information can be exposed externally. Exploitable via ``server.fs.deny``. Mitigation: upgrade to `6.4.3` or later.
|
| CVE-2016-20084 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25746 |
|
SQL Injection in wordpress (CVE-2019-25746)
SQL injection in wordpress (CVE-2019-25746). Confidential information can be exposed externally.
|
| CVE-2018-25437 |
|
Vulnerability in wordpress (CVE-2018-25437)
vulnerability in wordpress (CVE-2018-25437). Confidential information can be exposed externally.
|
| CVE-2016-20081 |
|
Path Traversal in wordpress (CVE-2016-20081)
path traversal in wordpress (CVE-2016-20081). Confidential information can be exposed externally.
|
| CVE-2016-20073 |
|
SQL Injection in wordpress (CVE-2016-20073)
SQL injection in wordpress (CVE-2016-20073). Confidential information can be exposed externally.
|
| CVE-2016-20075 |
|
Authorization Flaw in wordpress (CVE-2016-20075)
vulnerability in wordpress (CVE-2016-20075). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20076 |
|
Path Traversal in wordpress (CVE-2016-20076)
path traversal in wordpress (CVE-2016-20076). Confidential information can be exposed externally.
|
| CVE-2016-20068 |
|
SQL Injection in wordpress (CVE-2016-20068)
SQL injection in wordpress (CVE-2016-20068). Confidential information can be exposed externally.
|
| CVE-2026-12204 |
|
Vulnerability in CVE-2026-12204 (CVE-2026-12204)
vulnerability in CVE-2026-12204 (CVE-2026-12204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11769 |
|
Path Traversal in github.com/grafana/grafana-operator (CVE-2026-11769)
path traversal in github.com/grafana/grafana-operator (CVE-2026-11769). Successful exploitation can lead to full system takeover. Exploitable via ``Dashboard``. Mitigation: upgrade to `5.24.0` or later.
|
| CVE-2026-47965 |
|
Out-of-Bounds Write in adobe (CVE-2026-47965)
out-of-bounds write in adobe (CVE-2026-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2025-52465 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.26.4` or later.
|
| CVE-2026-12066 |
|
Vulnerability in CVE-2026-12066 (CVE-2026-12066)
vulnerability in CVE-2026-12066 (CVE-2026-12066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50645 |
|
Vulnerability in apache (CVE-2026-50645)
vulnerability in apache (CVE-2026-50645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50633 |
|
Vulnerability in apache (CVE-2026-50633)
vulnerability in apache (CVE-2026-50633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50632 |
|
Vulnerability in apache (CVE-2026-50632)
vulnerability in apache (CVE-2026-50632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50631 |
|
Vulnerability in apache (CVE-2026-50631)
vulnerability in apache (CVE-2026-50631). Confidential information can be exposed externally.
|
| CVE-2026-45418 |
|
SQL Injection in sqli (CVE-2026-45418)
SQL injection in sqli (CVE-2026-45418). Successful exploitation can lead to full system takeover. Exploitable via `POST /actions/subtitle_edit.php`.
|
| CVE-2026-12035 |
|
Use-After-Free in google (CVE-2026-12035)
vulnerability in google (CVE-2026-12035). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12034 |
|
Vulnerability in Google chrome (CVE-2026-12034)
vulnerability in Google chrome (CVE-2026-12034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12031 |
|
Vulnerability in google (CVE-2026-12031)
vulnerability in google (CVE-2026-12031). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12029 |
|
Use-After-Free in google (CVE-2026-12029)
vulnerability in google (CVE-2026-12029). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12028 |
|
Use-After-Free in google (CVE-2026-12028)
vulnerability in google (CVE-2026-12028). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12030 |
|
Vulnerability in google (CVE-2026-12030)
vulnerability in google (CVE-2026-12030). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12020 |
|
Use-After-Free in google (CVE-2026-12020)
vulnerability in google (CVE-2026-12020). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12019 |
|
Out-of-Bounds Write in google (CVE-2026-12019)
out-of-bounds write in google (CVE-2026-12019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12023 |
|
Use-After-Free in google (CVE-2026-12023)
vulnerability in google (CVE-2026-12023). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12016 |
|
Vulnerability in google (CVE-2026-12016)
vulnerability in google (CVE-2026-12016). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12018 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12018)
vulnerability in privilege-escalation (CVE-2026-12018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12022 |
|
Vulnerability in google (CVE-2026-12022)
vulnerability in google (CVE-2026-12022). Successful exploitation can lead to full system takeover.
|