Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: products Clear
ID Title
CVE-2026-37266 Vulnerability in CVE-2026-37266 (CVE-2026-37266)
vulnerability in CVE-2026-37266 (CVE-2026-37266). Successful exploitation can lead to full system takeover.
CVE-2026-7797 SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
CVE-2026-9227 Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
CVE-2026-6455 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
CVE-2026-9009 Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
CVE-2026-2374 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
CVE-2026-4868 Vulnerability in gitlab (CVE-2026-4868)
vulnerability in gitlab (CVE-2026-4868). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-44460 Information Disclosure in CVE-2026-44460 (CVE-2026-44460)
vulnerability in CVE-2026-44460 (CVE-2026-44460). Confidential information can be exposed externally. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-42790 Vulnerability in erlang (CVE-2026-42790)
vulnerability in erlang (CVE-2026-42790). Confidential information can be exposed externally.
CVE-2026-1933 Vulnerability in redhat (CVE-2026-1933)
vulnerability in redhat (CVE-2026-1933). Risk of unauthorized operations or information disclosure.
CVE-2026-48920 Vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920)
vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920). Successful exploitation can lead to full system takeover. Exploitable via ``base64``. Mitigation: upgrade to `1933.1935.v276319e3cc47` or later.
CVE-2026-48921 Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
CVE-2026-48922 Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
CVE-2026-37713 Code Injection in CVE-2026-37713 (CVE-2026-37713)
code injection in CVE-2026-37713 (CVE-2026-37713). Risk of unauthorized operations or information disclosure.
CVE-2026-37711 Code Injection in CVE-2026-37711 (CVE-2026-37711)
code injection in CVE-2026-37711 (CVE-2026-37711). Risk of unauthorized operations or information disclosure.
CVE-2026-37712 Code Injection in CVE-2026-37712 (CVE-2026-37712)
code injection in CVE-2026-37712 (CVE-2026-37712). Risk of unauthorized operations or information disclosure.
CVE-2026-7528 Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
CVE-2026-48972 Vulnerability in CVE-2026-48972 (CVE-2026-48972)
vulnerability in CVE-2026-48972 (CVE-2026-48972). Successful exploitation can lead to full system takeover.
CVE-2026-46052 Vulnerability in c (CVE-2026-46052)
vulnerability in c (CVE-2026-46052). Risk of unauthorized operations or information disclosure.
CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2026-42746 Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
CVE-2026-42737 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
CVE-2026-42730 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2026-3012 A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
CVE-2026-40833 SQL Injection in sqli (CVE-2026-40833)
SQL injection in sqli (CVE-2026-40833). Confidential information can be exposed externally.
CVE-2026-40834 SQL Injection in sqli (CVE-2026-40834)
SQL injection in sqli (CVE-2026-40834). Confidential information can be exposed externally.
CVE-2026-8832 Code Injection in wordpress (CVE-2026-8832)
code injection in wordpress (CVE-2026-8832). Successful exploitation can lead to full system takeover.
CVE-2026-40814 SQL Injection in sqli (CVE-2026-40814)
SQL injection in sqli (CVE-2026-40814). Confidential information can be exposed externally.
CVE-2026-40816 SQL Injection in sqli (CVE-2026-40816)
SQL injection in sqli (CVE-2026-40816). Confidential information can be exposed externally.
CVE-2026-6169 Code Injection in wordpress (CVE-2026-6169)
code injection in wordpress (CVE-2026-6169). Successful exploitation can lead to full system takeover.
CVE-2026-9200 Vulnerability in wordpress (CVE-2026-9200)
vulnerability in wordpress (CVE-2026-9200). Successful exploitation can lead to full system takeover.
CVE-2026-9606 Vulnerability in sqli (CVE-2026-9606)
vulnerability in sqli (CVE-2026-9606). Risk of unauthorized operations or information disclosure.
CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
CVE-2025-46284 Vulnerability in apple (CVE-2025-46284)
vulnerability in apple (CVE-2025-46284). Successful exploitation can lead to full system takeover.
CVE-2025-43306 Privilege Escalation in apple (CVE-2025-43306)
vulnerability in apple (CVE-2025-43306). Successful exploitation can lead to full system takeover.
CVE-2026-9575 Vulnerability in sqli (CVE-2026-9575)
vulnerability in sqli (CVE-2026-9575). Risk of unauthorized operations or information disclosure.
CVE-2026-9573 Vulnerability in sqli (CVE-2026-9573)
vulnerability in sqli (CVE-2026-9573). Risk of unauthorized operations or information disclosure.
CVE-2026-9574 Vulnerability in sqli (CVE-2026-9574)
vulnerability in sqli (CVE-2026-9574). Risk of unauthorized operations or information disclosure.
CVE-2026-8855 Code Injection in dos (CVE-2026-8855)
code injection in dos (CVE-2026-8855). Successful exploitation can lead to full system takeover.
CVE-2026-8856 Vulnerability in dos (CVE-2026-8856)
vulnerability in dos (CVE-2026-8856). Data can be tampered with by attackers.
CVE-2026-8835 Vulnerability in dos (CVE-2026-8835)
vulnerability in dos (CVE-2026-8835). Confidential information can be exposed externally.
CVE-2026-8854 Vulnerability in dos (CVE-2026-8854)
vulnerability in dos (CVE-2026-8854). Risk of unauthorized operations or information disclosure.
CVE-2026-8834 Vulnerability in dos (CVE-2026-8834)
vulnerability in dos (CVE-2026-8834). Successful exploitation can lead to full system takeover.
CVE-2026-48695 OS Command Injection in pavel-odintsov (CVE-2026-48695)
OS command injection in pavel-odintsov (CVE-2026-48695). Confidential information can be exposed externally. Exploitable via ``date``.
CVE-2026-48694 Command Injection in pavel-odintsov (CVE-2026-48694)
command injection in pavel-odintsov (CVE-2026-48694). Confidential information can be exposed externally.
CVE-2026-8850 Vulnerability in dos (CVE-2026-8850)
vulnerability in dos (CVE-2026-8850). Risk of unauthorized operations or information disclosure.
CVE-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass
Joomla! Core - [20260512] - MFA Authentication Bypass
CVE-2026-48896 Joomla! Core - [20260511] - MFA Authentication Bypass
Joomla! Core - [20260511] - MFA Authentication Bypass

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →