Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-12290 Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
CVE-2026-12289 Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
CVE-2026-12225 Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-40750 Unrestricted File Upload in CVE-2026-40750 (CVE-2026-40750)
vulnerability in CVE-2026-40750 (CVE-2026-40750). Successful exploitation can lead to full system takeover.
CVE-2026-10829 Vulnerability in CVE-2026-10829 (CVE-2026-10829)
vulnerability in CVE-2026-10829 (CVE-2026-10829). Risk of unauthorized operations or information disclosure.
CVE-2026-8484 Vulnerability in dos (CVE-2026-8484)
vulnerability in dos (CVE-2026-8484). Risk of unauthorized operations or information disclosure.
CVE-2026-10828 Vulnerability in CVE-2026-10828 (CVE-2026-10828)
vulnerability in CVE-2026-10828 (CVE-2026-10828). Risk of unauthorized operations or information disclosure.
CVE-2026-8442 Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
CVE-2026-8176 Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
CVE-2026-5416 OS Command Injection in CVE-2026-5416 (CVE-2026-5416)
OS command injection in CVE-2026-5416 (CVE-2026-5416). Successful exploitation can lead to full system takeover.
CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVE-2026-54197 Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
CVE-2026-54190 Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
CVE-2026-52715 Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-52714 Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-52712 Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
CVE-2026-49774 Code Injection in CVE-2026-49774 (CVE-2026-49774)
code injection in CVE-2026-49774 (CVE-2026-49774). Successful exploitation can lead to full system takeover.
CVE-2026-49772 SQL Injection in sqli (CVE-2026-49772)
SQL injection in sqli (CVE-2026-49772). Confidential information can be exposed externally.
CVE-2026-40809 Vulnerability in CVE-2026-40809 (CVE-2026-40809)
vulnerability in CVE-2026-40809 (CVE-2026-40809). Risk of unauthorized operations or information disclosure.
CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-39574 Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-39437 Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
CVE-2026-2381 Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
CVE-2026-10825 Vulnerability in CVE-2026-10825 (CVE-2026-10825)
vulnerability in CVE-2026-10825 (CVE-2026-10825). Risk of unauthorized operations or information disclosure.
CVE-2025-68045 Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
CVE-2025-9912 Privilege Escalation in privilege-escalation (CVE-2025-9912)
vulnerability in privilege-escalation (CVE-2025-9912). Data can be tampered with by attackers.
CVE-2026-46331 Vulnerability in linux (CVE-2026-46331)
vulnerability in linux (CVE-2026-46331). Successful exploitation can lead to full system takeover.
CVE-2026-10093 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
CVE-2026-8444 SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
CVE-2026-5667 Vulnerability in jvn (CVE-2026-5667)
vulnerability in jvn (CVE-2026-5667). Risk of unauthorized operations or information disclosure.
CVE-2026-6933 Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
CVE-2026-9187 Vulnerability in wordpress (CVE-2026-9187)
vulnerability in wordpress (CVE-2026-9187). Risk of unauthorized operations or information disclosure.
CVE-2026-10780 Vulnerability in wordpress (CVE-2026-10780)
vulnerability in wordpress (CVE-2026-10780). Risk of unauthorized operations or information disclosure.
CVE-2026-5149 Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
CVE-2026-50255 Vulnerability in CVE-2026-50255 (CVE-2026-50255)
vulnerability in CVE-2026-50255 (CVE-2026-50255). Successful exploitation can lead to full system takeover.
CVE-2026-8443 SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
CVE-2025-10262 Vulnerability in privilege-escalation (CVE-2025-10262)
vulnerability in privilege-escalation (CVE-2025-10262). Data can be tampered with by attackers.
CVE-2026-10635 Use-After-Free in c (CVE-2026-10635)
vulnerability in c (CVE-2026-10635). Data can be tampered with by attackers.
CVE-2026-6964 Vulnerability in wordpress (CVE-2026-6964)
vulnerability in wordpress (CVE-2026-6964). Risk of unauthorized operations or information disclosure.
CVE-2026-7273 Vulnerability in CVE-2026-7273 (CVE-2026-7273)
vulnerability in CVE-2026-7273 (CVE-2026-7273). Successful exploitation can lead to full system takeover.
CVE-2026-42014 Vulnerability in CVE-2026-42014 (CVE-2026-42014)
vulnerability in CVE-2026-42014 (CVE-2026-42014). Risk of unauthorized operations or information disclosure. Exploitable via ``gnutls_pkcs11_token_set_pin``.
CVE-2026-1767 Vulnerability in dos (CVE-2026-1767)
vulnerability in dos (CVE-2026-1767). Risk of unauthorized operations or information disclosure.
CVE-2026-1766 Vulnerability in dos (CVE-2026-1766)
vulnerability in dos (CVE-2026-1766). Risk of unauthorized operations or information disclosure.
CVE-2026-1765 Out-of-Bounds Read in dos (CVE-2026-1765)
vulnerability in dos (CVE-2026-1765). Risk of unauthorized operations or information disclosure.
CVE-2026-1764 Out-of-Bounds Read in dos (CVE-2026-1764)
vulnerability in dos (CVE-2026-1764). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_performers_tags``.
CVE-2026-12162 Vulnerability in devolutions (CVE-2026-12162)
vulnerability in devolutions (CVE-2026-12162). Risk of unauthorized operations or information disclosure.
CVE-2026-12161 OS Command Injection in devolutions (CVE-2026-12161)
OS command injection in devolutions (CVE-2026-12161). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →