Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-9262 Vulnerability in canon (CVE-2026-9262)
vulnerability in canon (CVE-2026-9262). Confidential information can be exposed externally.
CVE-2026-9261 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9260 Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9259 Vulnerability in canon (CVE-2026-9259)
vulnerability in canon (CVE-2026-9259). Confidential information can be exposed externally.
CVE-2026-9258 Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-53430 Vulnerability in dos (CVE-2026-53430)
vulnerability in dos (CVE-2026-53430). Risk of unauthorized operations or information disclosure.
CVE-2026-48854 Vulnerability in CVE-2026-48854 (CVE-2026-48854)
vulnerability in CVE-2026-48854 (CVE-2026-48854). Risk of unauthorized operations or information disclosure.
CVE-2026-48853 Unsafe Deserialization in deserialization (CVE-2026-48853)
vulnerability in deserialization (CVE-2026-48853). Risk of unauthorized operations or information disclosure.
CVE-2026-48723 OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
OS command injection in CVE-2026-48723 (CVE-2026-48723). Successful exploitation can lead to full system takeover.
CVE-2026-48599 Vulnerability in CVE-2026-48599 (CVE-2026-48599)
vulnerability in CVE-2026-48599 (CVE-2026-48599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /users/me/profile`.
CVE-2026-12205 Vulnerability in c (CVE-2026-12205)
vulnerability in c (CVE-2026-12205). Confidential information can be exposed externally.
CVE-2026-5064 Vulnerability in dos (CVE-2026-5064)
vulnerability in dos (CVE-2026-5064). Risk of unauthorized operations or information disclosure.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-48713 Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-48157 Cross-Site Scripting (XSS) in slim/slim (CVE-2026-48157)
cross-site scripting in slim/slim (CVE-2026-48157). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpNotFoundException``. Mitigation: upgrade to `4.15.2` or later.
CVE-2026-12087 Out-of-Bounds Read in CVE-2026-12087 (CVE-2026-12087)
vulnerability in CVE-2026-12087 (CVE-2026-12087). Confidential information can be exposed externally.
CVE-2026-11832 Vulnerability in CVE-2026-11832 (CVE-2026-11832)
vulnerability in CVE-2026-11832 (CVE-2026-11832). Confidential information can be exposed externally.
CVE-2026-9691 Unsafe Deserialization in CVE-2026-9691 (CVE-2026-9691)
vulnerability in CVE-2026-9691 (CVE-2026-9691). Successful exploitation can lead to full system takeover.
CVE-2026-52700 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
CVE-2026-52699 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
CVE-2026-52697 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
CVE-2026-52703 Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CVE-2026-52693 Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVE-2026-49780 Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
CVE-2026-52692 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
CVE-2026-49776 SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CVE-2026-52695 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CVE-2026-49765 Unsafe Deserialization in CVE-2026-49765 (CVE-2026-49765)
vulnerability in CVE-2026-49765 (CVE-2026-49765). Successful exploitation can lead to full system takeover.
CVE-2026-49764 Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
CVE-2026-49110 Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
CVE-2026-49105 Unsafe Deserialization in CVE-2026-49105 (CVE-2026-49105)
vulnerability in CVE-2026-49105 (CVE-2026-49105). Successful exploitation can lead to full system takeover.
CVE-2026-49112 Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
CVE-2026-49068 Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49055 Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
CVE-2026-49082 Vulnerability in CVE-2026-49082 (CVE-2026-49082)
vulnerability in CVE-2026-49082 (CVE-2026-49082). Risk of unauthorized operations or information disclosure.
CVE-2026-49067 Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
CVE-2026-49106 Unsafe Deserialization in CVE-2026-49106 (CVE-2026-49106)
vulnerability in CVE-2026-49106 (CVE-2026-49106). Successful exploitation can lead to full system takeover.
CVE-2026-49104 Unsafe Deserialization in CVE-2026-49104 (CVE-2026-49104)
vulnerability in CVE-2026-49104 (CVE-2026-49104). Successful exploitation can lead to full system takeover.
CVE-2026-49083 Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2026-49070 Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →