Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-39590 |
|
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
|
| CVE-2025-69144 |
|
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
|
| CVE-2025-69126 |
|
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
|
| CVE-2025-69158 |
|
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
|
| CVE-2025-69166 |
|
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
|
| CVE-2025-68524 |
|
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
|
| CVE-2025-69140 |
|
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
|
| CVE-2025-69115 |
|
Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69123 |
|
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
|
| CVE-2025-69157 |
|
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
|
| CVE-2025-69120 |
|
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
|
| CVE-2025-69106 |
|
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
|
| CVE-2025-69189 |
|
Vulnerability in CVE-2025-69189 (CVE-2025-69189)
vulnerability in CVE-2025-69189 (CVE-2025-69189). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69174 |
|
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
|
| CVE-2025-69170 |
|
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
|
| CVE-2025-66391 |
|
Vulnerability in CVE-2025-66391 (CVE-2025-66391)
vulnerability in CVE-2025-66391 (CVE-2025-66391). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69164 |
|
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
|
| CVE-2026-9690 |
|
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54804 |
|
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
|
| CVE-2026-54185 |
|
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
|
| CVE-2026-54188 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54184 |
|
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
|
| CVE-2026-54802 |
|
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
|
| CVE-2026-54805 |
|
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
|
| CVE-2026-54195 |
|
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
|
| CVE-2026-52698 |
|
Vulnerability in CVE-2026-52698 (CVE-2026-52698)
vulnerability in CVE-2026-52698 (CVE-2026-52698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53876 |
|
OS Command Injection in CVE-2026-53876 (CVE-2026-53876)
OS command injection in CVE-2026-53876 (CVE-2026-53876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54192 |
|
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
|
| CVE-2026-52696 |
|
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
|
| CVE-2026-54189 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|
| CVE-2026-49113 |
|
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
|
| CVE-2026-49778 |
|
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
|
| CVE-2026-48967 |
|
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
|
| CVE-2026-48929 |
|
Authentication Bypass in rocketchat (CVE-2026-48929)
authentication bypass in rocketchat (CVE-2026-48929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49073 |
|
SQL Injection in sqli (CVE-2026-49073)
SQL injection in sqli (CVE-2026-49073). Confidential information can be exposed externally.
|
| CVE-2026-49081 |
|
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
|
| CVE-2026-48869 |
|
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
|
| CVE-2026-49074 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
|
| CVE-2026-49057 |
|
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
|
| CVE-2026-42629 |
|
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
|
| CVE-2026-42385 |
|
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
|
| CVE-2026-40760 |
|
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
|
| CVE-2026-40761 |
|
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
|
| CVE-2026-40726 |
|
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
|
| CVE-2026-40731 |
|
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
|
| CVE-2026-40765 |
|
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
|
| CVE-2026-40768 |
|
Vulnerability in CVE-2026-40768 (CVE-2026-40768)
vulnerability in CVE-2026-40768 (CVE-2026-40768). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40755 |
|
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
|