Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-12324 Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
CVE-2026-12318 Buffer Overflow in mozilla (CVE-2026-12318)
vulnerability in mozilla (CVE-2026-12318). Risk of unauthorized operations or information disclosure.
CVE-2026-12317 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
CVE-2026-12314 Buffer Overflow in mozilla (CVE-2026-12314)
vulnerability in mozilla (CVE-2026-12314). Confidential information can be exposed externally.
CVE-2026-12312 Buffer Overflow in mozilla (CVE-2026-12312)
vulnerability in mozilla (CVE-2026-12312). Confidential information can be exposed externally.
CVE-2026-12310 Buffer Overflow in mozilla (CVE-2026-12310)
vulnerability in mozilla (CVE-2026-12310). Confidential information can be exposed externally.
CVE-2026-12305 Buffer Overflow in mozilla (CVE-2026-12305)
vulnerability in mozilla (CVE-2026-12305). Risk of unauthorized operations or information disclosure.
CVE-2026-12292 Buffer Overflow in mozilla (CVE-2026-12292)
vulnerability in mozilla (CVE-2026-12292). Confidential information can be exposed externally.
CVE-2026-12291 Use-After-Free in mozilla (CVE-2026-12291)
vulnerability in mozilla (CVE-2026-12291). Successful exploitation can lead to full system takeover.
CVE-2026-12290 Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
CVE-2026-12289 Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
CVE-2026-8442 Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
CVE-2026-8176 Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
CVE-2026-5416 OS Command Injection in CVE-2026-5416 (CVE-2026-5416)
OS command injection in CVE-2026-5416 (CVE-2026-5416). Successful exploitation can lead to full system takeover.
CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
CVE-2026-52712 Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-39437 Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
CVE-2025-68045 Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
CVE-2026-46331 Vulnerability in linux (CVE-2026-46331)
vulnerability in linux (CVE-2026-46331). Successful exploitation can lead to full system takeover.
CVE-2026-8444 SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
CVE-2026-6933 Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
CVE-2026-8443 SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
CVE-2026-7273 Vulnerability in CVE-2026-7273 (CVE-2026-7273)
vulnerability in CVE-2026-7273 (CVE-2026-7273). Successful exploitation can lead to full system takeover.
CVE-2026-12161 OS Command Injection in devolutions (CVE-2026-12161)
OS command injection in devolutions (CVE-2026-12161). Successful exploitation can lead to full system takeover.
CVE-2026-48723 OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
OS command injection in CVE-2026-48723 (CVE-2026-48723). Successful exploitation can lead to full system takeover.
CVE-2026-52700 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
CVE-2026-52699 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
CVE-2026-52697 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
CVE-2026-49780 Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
CVE-2026-52692 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
CVE-2026-52695 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
CVE-2026-49110 Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
CVE-2026-49112 Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
CVE-2026-49068 Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49055 Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
CVE-2026-49082 Vulnerability in CVE-2026-49082 (CVE-2026-49082)
vulnerability in CVE-2026-49082 (CVE-2026-49082). Risk of unauthorized operations or information disclosure.
CVE-2026-49083 Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2026-49070 Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
CVE-2026-49063 Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
CVE-2026-49056 Vulnerability in CVE-2026-49056 (CVE-2026-49056)
vulnerability in CVE-2026-49056 (CVE-2026-49056). Confidential information can be exposed externally.
CVE-2026-48970 Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-49066 Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
CVE-2026-49078 Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
CVE-2026-48964 Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →