Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8402 |
|
SQL Injection in sqli (CVE-2026-8402)
SQL injection in sqli (CVE-2026-8402). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13766 |
|
SQL Injection in sqli (CVE-2026-13766)
SQL injection in sqli (CVE-2026-13766). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9711 |
|
SQL Injection in wordpress (CVE-2026-9711)
SQL injection in wordpress (CVE-2026-9711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12073 |
|
Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
|
| CVE-2026-55276 |
|
Vulnerability in apache (CVE-2026-55276)
vulnerability in apache (CVE-2026-55276). Confidential information can be exposed externally.
|
| CVE-2026-53434 |
|
Vulnerability in apache (CVE-2026-53434)
vulnerability in apache (CVE-2026-53434). Confidential information can be exposed externally.
|
| CVE-2026-13762 |
|
Vulnerability in Amazon aws (CVE-2026-13762)
vulnerability in Amazon aws (CVE-2026-13762). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57498 |
|
Vulnerability in CVE-2026-57498 (CVE-2026-57498)
vulnerability in CVE-2026-57498 (CVE-2026-57498). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0-beta.474` or later.
|
| CVE-2026-39868 |
|
Vulnerability in apple (CVE-2026-39868)
vulnerability in apple (CVE-2026-39868). Data can be tampered with by attackers.
|
| CVE-2026-37637 |
|
Code Injection in CVE-2026-37637 (CVE-2026-37637)
code injection in CVE-2026-37637 (CVE-2026-37637). Confidential information can be exposed externally.
|
| CVE-2026-13763 |
|
Vulnerability in amazon (CVE-2026-13763)
vulnerability in amazon (CVE-2026-13763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56782 |
|
Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11720 |
|
Path Traversal in path-traversal (CVE-2026-11720)
path traversal in path-traversal (CVE-2026-11720). Confidential information can be exposed externally.
|
| CVE-2026-57331 |
|
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
|
| CVE-2026-56290 KEV |
|
[KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-49048 |
|
SQL Injection in joomcoder (CVE-2026-49048)
SQL injection in joomcoder (CVE-2026-49048). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58053 |
|
Privilege Escalation in CVE-2026-58053 (CVE-2026-58053)
vulnerability in CVE-2026-58053 (CVE-2026-58053). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12415 |
|
Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28701 |
|
Path Traversal in daktronics (CVE-2026-28701)
path traversal in daktronics (CVE-2026-28701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53576 |
|
Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-53309 |
|
Vulnerability in linux (CVE-2026-53309)
vulnerability in linux (CVE-2026-53309). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52785 |
|
SQL Injection in sqli (CVE-2026-52785)
SQL injection in sqli (CVE-2026-52785). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-52782 |
|
Vulnerability in CVE-2026-52782 (CVE-2026-52782)
vulnerability in CVE-2026-52782 (CVE-2026-52782). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-52780 |
|
Vulnerability in CVE-2026-52780 (CVE-2026-52780)
vulnerability in CVE-2026-52780 (CVE-2026-52780). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0685 |
|
Vulnerability in CVE-2026-0685 (CVE-2026-0685)
vulnerability in CVE-2026-0685 (CVE-2026-0685). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11919 |
|
Vulnerability in CVE-2025-11919 (CVE-2025-11919)
vulnerability in CVE-2025-11919 (CVE-2025-11919). Confidential information can be exposed externally.
|
| CVE-2026-54636 |
|
OS Command Injection in dokku (CVE-2026-54636)
OS command injection in dokku (CVE-2026-54636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.7` or later.
|
| CVE-2026-45408 |
|
OS Command Injection in dokku (CVE-2026-45408)
OS command injection in dokku (CVE-2026-45408). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
|
| CVE-2026-45406 |
|
Vulnerability in dokku (CVE-2026-45406)
vulnerability in dokku (CVE-2026-45406). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
|
| CVE-2026-45405 |
|
Vulnerability in dokku (CVE-2026-45405)
vulnerability in dokku (CVE-2026-45405). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
|
| CVE-2026-57658 |
|
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
|
| CVE-2026-56068 |
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
|
| CVE-2026-56067 |
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
|
| CVE-2026-56070 |
|
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
|
| CVE-2026-56062 |
|
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
|
| CVE-2026-56059 |
|
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
|
| CVE-2026-56057 |
|
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
|
| CVE-2026-56058 |
|
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
|
| CVE-2026-56032 |
|
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
|
| CVE-2026-56030 |
|
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
|
| CVE-2026-56028 |
|
Vulnerability in privilege-escalation (CVE-2026-56028)
vulnerability in privilege-escalation (CVE-2026-56028). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56027 |
|
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
|
| CVE-2026-56036 |
|
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
|
| CVE-2026-56033 |
|
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
|
| CVE-2026-56034 |
|
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
|
| CVE-2026-54827 |
|
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
|
| CVE-2026-54831 |
|
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
|
| CVE-2026-54825 |
|
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
|