Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48743 |
|
Vulnerability in envoyproxy (CVE-2026-48743)
vulnerability in envoyproxy (CVE-2026-48743). Data can be tampered with by attackers. Exploitable via `GET /pwn`. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-48044 |
|
Vulnerability in dos (CVE-2026-48044)
vulnerability in dos (CVE-2026-48044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-48042 |
|
Vulnerability in envoyproxy (CVE-2026-48042)
vulnerability in envoyproxy (CVE-2026-48042). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-57231 |
|
Information Disclosure in podman-project (CVE-2026-57231)
vulnerability in podman-project (CVE-2026-57231). Confidential information can be exposed externally. Mitigation: upgrade to `5.8.4` or later.
|
| CVE-2026-56663 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56663)
SSRF in ssrf (CVE-2026-56663). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.6.52` or later.
|
| CVE-2026-55677 |
|
Path Traversal in CVE-2026-55677 (CVE-2026-55677)
path traversal in CVE-2026-55677 (CVE-2026-55677). Confidential information can be exposed externally. Mitigation: upgrade to `4.15.3` or later.
|
| CVE-2026-44161 |
|
SSRF (Server-Side Request Forgery) in fluentd (CVE-2026-44161)
SSRF in fluentd (CVE-2026-44161). Risk of unauthorized operations or information disclosure. Exploitable via ``out_http``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-44160 |
|
Vulnerability in fluentd (CVE-2026-44160)
vulnerability in fluentd (CVE-2026-44160). Risk of unauthorized operations or information disclosure. Exploitable via ``in_http``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-44025 |
|
Vulnerability in fluentd (CVE-2026-44025)
vulnerability in fluentd (CVE-2026-44025). Confidential information can be exposed externally. Exploitable via ``in_monitor_agent``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-9640 |
|
Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12411 |
|
Vulnerability in canonical (CVE-2026-12411)
vulnerability in canonical (CVE-2026-12411). Confidential information can be exposed externally.
|
| CVE-2026-57662 |
|
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
|
| CVE-2026-57667 |
|
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
|
| CVE-2026-57655 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
|
| CVE-2026-57663 |
|
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
|
| CVE-2026-57659 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57659)
vulnerability in csrf (CVE-2026-57659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57647 |
|
Vulnerability in CVE-2026-57647 (CVE-2026-57647)
vulnerability in CVE-2026-57647 (CVE-2026-57647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57653 |
|
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
|
| CVE-2026-57644 |
|
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
|
| CVE-2026-57643 |
|
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
|
| CVE-2026-57645 |
|
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
|
| CVE-2026-57642 |
|
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Contributor SQL Injection in Gallery <= 4.7.8 versions.
|
| CVE-2026-57636 |
|
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
|
| CVE-2026-57628 |
|
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
|
| CVE-2026-57631 |
|
Administrator SQL Injection in Popup box <= 6.0.1 versions.
Administrator SQL Injection in Popup box <= 6.0.1 versions.
|
| CVE-2026-57527 |
|
Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57322 |
|
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
|
| CVE-2026-57325 |
|
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
|
| CVE-2026-57321 |
|
Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.
Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.
|
| CVE-2026-57317 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
|
| CVE-2026-57319 |
|
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
|
| CVE-2026-57314 |
|
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
|
| CVE-2026-56072 |
|
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
|
| CVE-2026-57315 |
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
|
| CVE-2026-56773 |
|
Vulnerability in CVE-2026-56773 (CVE-2026-56773)
vulnerability in CVE-2026-56773 (CVE-2026-56773). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v2/tables/get`.
|
| CVE-2026-57312 |
|
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
|
| CVE-2026-56069 |
|
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
|
| CVE-2026-56063 |
|
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
|
| CVE-2026-56064 |
|
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
|
| CVE-2026-56060 |
|
Vulnerability in CVE-2026-56060 (CVE-2026-56060)
vulnerability in CVE-2026-56060 (CVE-2026-56060). Confidential information can be exposed externally.
|
| CVE-2026-56061 |
|
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
|
| CVE-2026-56031 |
|
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
|
| CVE-2026-56045 |
|
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
|
| CVE-2026-56055 |
|
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
|
| CVE-2026-56044 |
|
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
|
| CVE-2026-56047 |
|
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
|
| CVE-2026-56041 |
|
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
|
| CVE-2026-56043 |
|
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
|
| CVE-2026-56040 |
|
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
|
| CVE-2026-56039 |
|
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
|