Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2018-25389 SQL Injection in sqli (CVE-2018-25389)
SQL injection in sqli (CVE-2018-25389). Confidential information can be exposed externally.
CVE-2018-25390 SQL Injection in sqli (CVE-2018-25390)
SQL injection in sqli (CVE-2018-25390). Confidential information can be exposed externally.
CVE-2018-25391 Vulnerability in CVE-2018-25391 (CVE-2018-25391)
vulnerability in CVE-2018-25391 (CVE-2018-25391). Data can be tampered with by attackers.
CVE-2018-25392 SQL Injection in sqli (CVE-2018-25392)
SQL injection in sqli (CVE-2018-25392). Confidential information can be exposed externally.
CVE-2018-25393 Path Traversal in path-traversal (CVE-2018-25393)
path traversal in path-traversal (CVE-2018-25393). Confidential information can be exposed externally.
CVE-2018-25394 SQL Injection in sqli (CVE-2018-25394)
SQL injection in sqli (CVE-2018-25394). Confidential information can be exposed externally.
CVE-2018-25395 SQL Injection in sqli (CVE-2018-25395)
SQL injection in sqli (CVE-2018-25395). Confidential information can be exposed externally.
CVE-2018-25382 SQL Injection in sqli (CVE-2018-25382)
SQL injection in sqli (CVE-2018-25382). Confidential information can be exposed externally.
CVE-2018-25384 Cross-Site Scripting (XSS) in CVE-2018-25384 (CVE-2018-25384)
cross-site scripting in CVE-2018-25384 (CVE-2018-25384). Risk of unauthorized operations or information disclosure.
CVE-2018-25385 SQL Injection in sqli (CVE-2018-25385)
SQL injection in sqli (CVE-2018-25385). Confidential information can be exposed externally.
CVE-2018-25386 SQL Injection in sqli (CVE-2018-25386)
SQL injection in sqli (CVE-2018-25386). Confidential information can be exposed externally.
CVE-2018-25387 Cross-Site Request Forgery (CSRF) in CVE-2018-25387 (CVE-2018-25387)
vulnerability in CVE-2018-25387 (CVE-2018-25387). Risk of unauthorized operations or information disclosure.
CVE-2018-25388 Unrestricted File Upload in CVE-2018-25388 (CVE-2018-25388)
vulnerability in CVE-2018-25388 (CVE-2018-25388). Successful exploitation can lead to full system takeover.
CVE-2026-44494 Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-44492 SSRF (Server-Side Request Forgery) in axios (CVE-2026-44492)
SSRF in axios (CVE-2026-44492). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-44490 Vulnerability in axios (CVE-2026-44490)
vulnerability in axios (CVE-2026-44490). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-44489 Vulnerability in axios (CVE-2026-44489)
vulnerability in axios (CVE-2026-44489). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-4290 Vulnerability in wordpress (CVE-2026-4290)
vulnerability in wordpress (CVE-2026-4290). Data can be tampered with by attackers.
CVE-2026-47696 Vulnerability in WWBN/AVideo (CVE-2026-47696)
vulnerability in WWBN/AVideo (CVE-2026-47696). Risk of unauthorized operations or information disclosure. Exploitable via ``amount``.
CVE-2026-46376 Vulnerability in sangoma (CVE-2026-46376)
vulnerability in sangoma (CVE-2026-46376). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.45` or later.
CVE-2026-44698 Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
CVE-2026-44237 Vulnerability in sangoma (CVE-2026-44237)
vulnerability in sangoma (CVE-2026-44237). Confidential information can be exposed externally. Mitigation: upgrade to `17.0.8` or later.
CVE-2026-44239 Vulnerability in path-traversal (CVE-2026-44239)
vulnerability in path-traversal (CVE-2026-44239). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.22` or later.
CVE-2026-44238 SQL Injection in sqli (CVE-2026-44238)
SQL injection in sqli (CVE-2026-44238). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.50` or later.
CVE-2026-48527 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-48527)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-48527). Confidential information can be exposed externally. Exploitable via `POST /system/api/saveNode`. Mitigation: upgrade to `26.0.1` or later.
CVE-2026-45551 Cross-Site Scripting (XSS) in CVE-2026-45551 (CVE-2026-45551)
cross-site scripting in CVE-2026-45551 (CVE-2026-45551). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.25` or later.
CVE-2025-12714 Vulnerability in wordpress (CVE-2025-12714)
vulnerability in wordpress (CVE-2025-12714). Risk of unauthorized operations or information disclosure.
CVE-2026-9559 Path Traversal in mautic/core (CVE-2026-9559)
path traversal in mautic/core (CVE-2026-9559). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
CVE-2026-9189 Vulnerability in wordpress (CVE-2026-9189)
vulnerability in wordpress (CVE-2026-9189). Risk of unauthorized operations or information disclosure. Exploitable via ``mc_gross``.
CVE-2026-6075 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6075)
vulnerability in wordpress (CVE-2026-6075). Data can be tampered with by attackers.
CVE-2026-10039 SQL Injection in wordpress (CVE-2026-10039)
SQL injection in wordpress (CVE-2026-10039). Confidential information can be exposed externally.
CVE-2026-9243 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
CVE-2026-3655 Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2025-11993 Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
CVE-2025-14042 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
CVE-2026-6275 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
CVE-2026-9714 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-2128 Information Disclosure in wordpress (CVE-2026-2128)
vulnerability in wordpress (CVE-2026-2128). Risk of unauthorized operations or information disclosure. Exploitable via ``wordpress_logged_in_``.
CVE-2026-8995 Information Disclosure in wordpress (CVE-2026-8995)
vulnerability in wordpress (CVE-2026-8995). Risk of unauthorized operations or information disclosure.
CVE-2026-7430 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
CVE-2026-9967 Out-of-Bounds Write in google (CVE-2026-9967)
out-of-bounds write in google (CVE-2026-9967). Successful exploitation can lead to full system takeover.
CVE-2026-9937 Use-After-Free in google (CVE-2026-9937)
vulnerability in google (CVE-2026-9937). Successful exploitation can lead to full system takeover.
CVE-2026-9934 Use-After-Free in Google chrome (CVE-2026-9934)
vulnerability in Google chrome (CVE-2026-9934). Successful exploitation can lead to full system takeover.
CVE-2026-9948 Use-After-Free in google (CVE-2026-9948)
vulnerability in google (CVE-2026-9948). Successful exploitation can lead to full system takeover.
CVE-2026-9947 Use-After-Free in google (CVE-2026-9947)
vulnerability in google (CVE-2026-9947). Successful exploitation can lead to full system takeover.
CVE-2026-9935 Vulnerability in google (CVE-2026-9935)
vulnerability in google (CVE-2026-9935). Risk of unauthorized operations or information disclosure.
CVE-2026-9952 Use-After-Free in google (CVE-2026-9952)
vulnerability in google (CVE-2026-9952). Successful exploitation can lead to full system takeover.
CVE-2026-9946 Use-After-Free in google (CVE-2026-9946)
vulnerability in google (CVE-2026-9946). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →