Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-8753 Vulnerability in CVE-2026-8753 (CVE-2026-8753)
vulnerability in CVE-2026-8753 (CVE-2026-8753). Risk of unauthorized operations or information disclosure.
CVE-2018-25326 Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
CVE-2018-25329 Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
CVE-2018-25331 Cross-Site Scripting (XSS) in CVE-2018-25331 (CVE-2018-25331)
cross-site scripting in CVE-2018-25331 (CVE-2018-25331). Risk of unauthorized operations or information disclosure.
CVE-2018-25333 SQL Injection in sqli (CVE-2018-25333)
SQL injection in sqli (CVE-2018-25333). Confidential information can be exposed externally.
CVE-2018-25319 SQL Injection in sqli (CVE-2018-25319)
SQL injection in sqli (CVE-2018-25319). Confidential information can be exposed externally.
CVE-2018-25324 Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
CVE-2018-25325 Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
CVE-2018-25321 Cross-Site Request Forgery (CSRF) in tp-link (CVE-2018-25321)
vulnerability in tp-link (CVE-2018-25321). Risk of unauthorized operations or information disclosure.
CVE-2026-8751 Vulnerability in deserialization (CVE-2026-8751)
vulnerability in deserialization (CVE-2026-8751). Risk of unauthorized operations or information disclosure.
CVE-2026-8752 Vulnerability in h2o (CVE-2026-8752)
vulnerability in h2o (CVE-2026-8752). Risk of unauthorized operations or information disclosure.
CVE-2026-8747 Vulnerability in CVE-2026-8747 (CVE-2026-8747)
vulnerability in CVE-2026-8747 (CVE-2026-8747). Risk of unauthorized operations or information disclosure.
CVE-2026-8750 Information Disclosure in h2o (CVE-2026-8750)
vulnerability in h2o (CVE-2026-8750). Risk of unauthorized operations or information disclosure.
CVE-2026-8740 Vulnerability in CVE-2026-8740 (CVE-2026-8740)
vulnerability in CVE-2026-8740 (CVE-2026-8740). Risk of unauthorized operations or information disclosure.
CVE-2026-8739 Vulnerability in CVE-2026-8739 (CVE-2026-8739)
vulnerability in CVE-2026-8739 (CVE-2026-8739). Risk of unauthorized operations or information disclosure.
CVE-2026-8738 Vulnerability in CVE-2026-8738 (CVE-2026-8738)
vulnerability in CVE-2026-8738 (CVE-2026-8738). Risk of unauthorized operations or information disclosure.
CVE-2026-8736 Path Traversal in path-traversal (CVE-2026-8736)
path traversal in path-traversal (CVE-2026-8736). Risk of unauthorized operations or information disclosure.
CVE-2026-8737 Authentication Bypass in CVE-2026-8737 (CVE-2026-8737)
authentication bypass in CVE-2026-8737 (CVE-2026-8737). Risk of unauthorized operations or information disclosure.
CVE-2026-8735 Vulnerability in deserialization (CVE-2026-8735)
vulnerability in deserialization (CVE-2026-8735). Risk of unauthorized operations or information disclosure.
CVE-2026-8719 Privilege Escalation in wordpress (CVE-2026-8719)
vulnerability in wordpress (CVE-2026-8719). Successful exploitation can lead to full system takeover.
CVE-2026-8724 Vulnerability in sqli (CVE-2026-8724)
vulnerability in sqli (CVE-2026-8724). Risk of unauthorized operations or information disclosure.
CVE-2021-47976 Cross-Site Request Forgery (CSRF) in csrf (CVE-2021-47976)
vulnerability in csrf (CVE-2021-47976). Successful exploitation can lead to full system takeover.
CVE-2021-47977 Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
CVE-2021-47979 Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
CVE-2021-47981 Cross-Site Scripting (XSS) in csrf (CVE-2021-47981)
cross-site scripting in csrf (CVE-2021-47981). Risk of unauthorized operations or information disclosure.
CVE-2021-47957 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47957)
cross-site scripting in wordpress (CVE-2021-47957). Risk of unauthorized operations or information disclosure.
CVE-2021-47934 Cross-Site Scripting (XSS) in CVE-2021-47934 (CVE-2021-47934)
cross-site scripting in CVE-2021-47934 (CVE-2021-47934). Risk of unauthorized operations or information disclosure.
CVE-2021-47954 SQL Injection in sqli (CVE-2021-47954)
SQL injection in sqli (CVE-2021-47954). Confidential information can be exposed externally.
CVE-2021-47955 Cross-Site Scripting (XSS) in CVE-2021-47955 (CVE-2021-47955)
cross-site scripting in CVE-2021-47955 (CVE-2021-47955). Risk of unauthorized operations or information disclosure.
CVE-2021-47956 SQL Injection in sqli (CVE-2021-47956)
SQL injection in sqli (CVE-2021-47956). Confidential information can be exposed externally.
CVE-2020-37246 Vulnerability in path-traversal (CVE-2020-37246)
vulnerability in path-traversal (CVE-2020-37246). Confidential information can be exposed externally.
CVE-2020-37233 Cross-Site Scripting (XSS) in wordpress (CVE-2020-37233)
cross-site scripting in wordpress (CVE-2020-37233). Risk of unauthorized operations or information disclosure.
CVE-2020-37235 Cross-Site Scripting (XSS) in wordpress (CVE-2020-37235)
cross-site scripting in wordpress (CVE-2020-37235). Risk of unauthorized operations or information disclosure.
CVE-2020-37227 Unrestricted File Upload in CVE-2020-37227 (CVE-2020-37227)
vulnerability in CVE-2020-37227 (CVE-2020-37227). Successful exploitation can lead to full system takeover.
CVE-2025-4202 Vulnerability in wordpress (CVE-2025-4202)
vulnerability in wordpress (CVE-2025-4202). Risk of unauthorized operations or information disclosure.
CVE-2026-8681 Vulnerability in wordpress (CVE-2026-8681)
vulnerability in wordpress (CVE-2026-8681). Risk of unauthorized operations or information disclosure.
CVE-2025-67031 Code Injection in CVE-2025-67031 (CVE-2025-67031)
code injection in CVE-2025-67031 (CVE-2025-67031). Risk of unauthorized operations or information disclosure.
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46408 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2026-46361 Cross-Site Scripting (XSS) in thorsten/phpmyfaq (CVE-2026-46361)
cross-site scripting in thorsten/phpmyfaq (CVE-2026-46361). Confidential information can be exposed externally. Exploitable via ``search.twig``. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-45007 Vulnerability in thorsten/phpmyfaq (CVE-2026-45007)
vulnerability in thorsten/phpmyfaq (CVE-2026-45007). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationTabController.php``. Mitigation: upgrade to `4.1.2` or later.
CVE-2021-47964 Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
CVE-2021-47966 PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
CVE-2021-47967 Cross-Site Scripting (XSS) in c (CVE-2021-47967)
cross-site scripting in c (CVE-2021-47967). Risk of unauthorized operations or information disclosure.
CVE-2021-47965 Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2021-47958 SSRF (Server-Side Request Forgery) in CVE-2021-47958 (CVE-2021-47958)
SSRF in CVE-2021-47958 (CVE-2021-47958). Risk of unauthorized operations or information disclosure.
CVE-2026-45619 Vulnerability in WWBN/AVideo (CVE-2026-45619)
vulnerability in WWBN/AVideo (CVE-2026-45619). Confidential information can be exposed externally. Exploitable via ``EpgParser.php``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →