Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-27425 |
|
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
|
| CVE-2026-27412 |
|
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
|
| CVE-2025-69156 |
|
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
|
| CVE-2025-69155 |
|
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
|
| CVE-2026-11946 |
|
Vulnerability in CVE-2026-11946 (CVE-2026-11946)
vulnerability in CVE-2026-11946 (CVE-2026-11946). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69154 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-69154)
cross-site scripting in wordpress (CVE-2025-69154). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69153 |
|
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
|
| CVE-2026-14449 |
|
Cross-Site Scripting (XSS) in CVE-2026-14449 (CVE-2026-14449)
cross-site scripting in CVE-2026-14449 (CVE-2026-14449). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69133 |
|
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
|
| CVE-2025-69134 |
|
Vulnerability in wordpress (CVE-2025-69134)
vulnerability in wordpress (CVE-2025-69134). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66076 |
|
Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.
Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.
|
| CVE-2025-69094 |
|
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.
|
| CVE-2025-69132 |
|
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
|
| CVE-2025-69152 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-69152)
cross-site scripting in wordpress (CVE-2025-69152). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-58902 |
|
Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.
Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.
|
| CVE-2026-54431 |
|
Vulnerability in CVE-2026-54431 (CVE-2026-54431)
vulnerability in CVE-2026-54431 (CVE-2026-54431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54430 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-54430 (CVE-2026-54430)
SSRF in CVE-2026-54430 (CVE-2026-54430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9834 |
|
Command Injection in wordpress (CVE-2026-9834)
command injection in wordpress (CVE-2026-9834). Successful exploitation can lead to full system takeover. Exploitable via ``wp_db_exclude_table``.
|
| CVE-2026-9188 |
|
Vulnerability in wordpress (CVE-2026-9188)
vulnerability in wordpress (CVE-2026-9188). Risk of unauthorized operations or information disclosure. Exploitable via ``appointmentkey``.
|
| CVE-2026-9145 |
|
Path Traversal in wordpress (CVE-2026-9145)
path traversal in wordpress (CVE-2026-9145). Confidential information can be exposed externally.
|
| CVE-2026-8482 |
|
Vulnerability in CVE-2026-8482 (CVE-2026-8482)
vulnerability in CVE-2026-8482 (CVE-2026-8482). Confidential information can be exposed externally.
|
| CVE-2026-8441 |
|
SQL Injection in wordpress (CVE-2026-8441)
SQL injection in wordpress (CVE-2026-8441). Confidential information can be exposed externally.
|
| CVE-2026-14336 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-14336 (CVE-2026-14336)
SSRF in CVE-2026-14336 (CVE-2026-14336). Data can be tampered with by attackers. Exploitable via `POST /v1/upload/sbom`.
|
| CVE-2026-14029 |
|
SQL Injection in wordpress (CVE-2026-14029)
SQL injection in wordpress (CVE-2026-14029). Confidential information can be exposed externally.
|
| CVE-2026-13459 |
|
Vulnerability in wordpress (CVE-2026-13459)
vulnerability in wordpress (CVE-2026-13459). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13369 |
|
Path Traversal in wordpress (CVE-2026-13369)
path traversal in wordpress (CVE-2026-13369). Confidential information can be exposed externally.
|
| CVE-2026-13252 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13252)
cross-site scripting in wordpress (CVE-2026-13252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13251 |
|
Path Traversal in wordpress (CVE-2026-13251)
path traversal in wordpress (CVE-2026-13251). Confidential information can be exposed externally.
|
| CVE-2026-12657 |
|
Vulnerability in wordpress (CVE-2026-12657)
vulnerability in wordpress (CVE-2026-12657). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12472 |
|
Vulnerability in wordpress (CVE-2026-12472)
vulnerability in wordpress (CVE-2026-12472). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12134 |
|
Vulnerability in wordpress (CVE-2026-12134)
vulnerability in wordpress (CVE-2026-12134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12122 |
|
Vulnerability in wordpress (CVE-2026-12122)
vulnerability in wordpress (CVE-2026-12122). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11896 |
|
Vulnerability in wordpress (CVE-2026-11896)
vulnerability in wordpress (CVE-2026-11896). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10104)
cross-site scripting in wordpress (CVE-2026-10104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9563 |
|
Vulnerability in dos (CVE-2026-9563)
vulnerability in dos (CVE-2026-9563). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33592 |
|
Vulnerability in CVE-2026-33592 (CVE-2026-33592)
vulnerability in CVE-2026-33592 (CVE-2026-33592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8147 |
|
Vulnerability in lfprojects (CVE-2026-8147)
vulnerability in lfprojects (CVE-2026-8147). Confidential information can be exposed externally. Exploitable via ``_before_request``.
|
| CVE-2026-14249 |
|
Vulnerability in wordpress (CVE-2026-14249)
vulnerability in wordpress (CVE-2026-14249). Data can be tampered with by attackers.
|
| CVE-2026-5348 |
|
Vulnerability in wordpress (CVE-2026-5348)
vulnerability in wordpress (CVE-2026-5348). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13704 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13704)
cross-site scripting in wordpress (CVE-2026-13704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11781 |
|
Vulnerability in wordpress (CVE-2026-11781)
vulnerability in wordpress (CVE-2026-11781). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11592 |
|
Vulnerability in wordpress (CVE-2026-11592)
vulnerability in wordpress (CVE-2026-11592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5821 |
|
Vulnerability in wordpress (CVE-2026-5821)
vulnerability in wordpress (CVE-2026-5821). Data can be tampered with by attackers.
|
| CVE-2026-11600 |
|
Vulnerability in wordpress (CVE-2026-11600)
vulnerability in wordpress (CVE-2026-11600). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11965 |
|
Vulnerability in wordpress (CVE-2026-11965)
vulnerability in wordpress (CVE-2026-11965). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13357 |
|
SQL Injection in wordpress (CVE-2026-13357)
SQL injection in wordpress (CVE-2026-13357). Confidential information can be exposed externally.
|
| CVE-2026-10089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10089)
cross-site scripting in wordpress (CVE-2026-10089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10077 |
|
Vulnerability in wordpress (CVE-2026-10077)
vulnerability in wordpress (CVE-2026-10077). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11578 |
|
Vulnerability in wordpress (CVE-2026-11578)
vulnerability in wordpress (CVE-2026-11578). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57278 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|