Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9262 |
|
Vulnerability in canon (CVE-2026-9262)
vulnerability in canon (CVE-2026-9262). Confidential information can be exposed externally.
|
| CVE-2026-9261 |
|
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
|
| CVE-2026-9260 |
|
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
|
| CVE-2026-9259 |
|
Vulnerability in canon (CVE-2026-9259)
vulnerability in canon (CVE-2026-9259). Confidential information can be exposed externally.
|
| CVE-2026-9258 |
|
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
|
| CVE-2026-53430 |
|
Vulnerability in dos (CVE-2026-53430)
vulnerability in dos (CVE-2026-53430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48854 |
|
Vulnerability in CVE-2026-48854 (CVE-2026-48854)
vulnerability in CVE-2026-48854 (CVE-2026-48854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48853 |
|
Unsafe Deserialization in deserialization (CVE-2026-48853)
vulnerability in deserialization (CVE-2026-48853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48723 |
|
OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
OS command injection in CVE-2026-48723 (CVE-2026-48723). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48599 |
|
Vulnerability in CVE-2026-48599 (CVE-2026-48599)
vulnerability in CVE-2026-48599 (CVE-2026-48599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /users/me/profile`.
|
| CVE-2026-12205 |
|
Vulnerability in c (CVE-2026-12205)
vulnerability in c (CVE-2026-12205). Confidential information can be exposed externally.
|
| CVE-2026-5064 |
|
Vulnerability in dos (CVE-2026-5064)
vulnerability in dos (CVE-2026-5064). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48714 |
|
Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
|
| CVE-2026-48713 |
|
Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
|
| CVE-2026-48157 |
|
Cross-Site Scripting (XSS) in slim/slim (CVE-2026-48157)
cross-site scripting in slim/slim (CVE-2026-48157). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpNotFoundException``. Mitigation: upgrade to `4.15.2` or later.
|
| CVE-2026-12087 |
|
Out-of-Bounds Read in CVE-2026-12087 (CVE-2026-12087)
vulnerability in CVE-2026-12087 (CVE-2026-12087). Confidential information can be exposed externally.
|
| CVE-2026-11832 |
|
Vulnerability in CVE-2026-11832 (CVE-2026-11832)
vulnerability in CVE-2026-11832 (CVE-2026-11832). Confidential information can be exposed externally.
|
| CVE-2026-9691 |
|
Unsafe Deserialization in CVE-2026-9691 (CVE-2026-9691)
vulnerability in CVE-2026-9691 (CVE-2026-9691). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52700 |
|
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
|
| CVE-2026-52694 |
|
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
|
| CVE-2026-52699 |
|
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
|
| CVE-2026-52697 |
|
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
|
| CVE-2026-52703 |
|
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
|
| CVE-2026-49769 |
|
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
|
| CVE-2026-52702 |
|
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
|
| CVE-2026-49768 |
|
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
|
| CVE-2026-52693 |
|
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
|
| CVE-2026-49780 |
|
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
|
| CVE-2026-52692 |
|
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
|
| CVE-2026-49781 |
|
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
|
| CVE-2026-49776 |
|
SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
|
| CVE-2026-49773 |
|
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
|
| CVE-2026-52695 |
|
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
|
| CVE-2026-49775 |
|
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
|
| CVE-2026-49766 |
|
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
|
| CVE-2026-49770 |
|
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
|
| CVE-2026-49765 |
|
Unsafe Deserialization in CVE-2026-49765 (CVE-2026-49765)
vulnerability in CVE-2026-49765 (CVE-2026-49765). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49764 |
|
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
|
| CVE-2026-49763 |
|
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
|
| CVE-2026-49110 |
|
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
|
| CVE-2026-49105 |
|
Unsafe Deserialization in CVE-2026-49105 (CVE-2026-49105)
vulnerability in CVE-2026-49105 (CVE-2026-49105). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49112 |
|
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
|
| CVE-2026-49068 |
|
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
|
| CVE-2026-49055 |
|
Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49082 |
|
Vulnerability in CVE-2026-49082 (CVE-2026-49082)
vulnerability in CVE-2026-49082 (CVE-2026-49082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49067 |
|
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
|
| CVE-2026-49106 |
|
Unsafe Deserialization in CVE-2026-49106 (CVE-2026-49106)
vulnerability in CVE-2026-49106 (CVE-2026-49106). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49104 |
|
Unsafe Deserialization in CVE-2026-49104 (CVE-2026-49104)
vulnerability in CVE-2026-49104 (CVE-2026-49104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49083 |
|
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
|
| CVE-2026-49070 |
|
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
|