Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-8402 SQL Injection in sqli (CVE-2026-8402)
SQL injection in sqli (CVE-2026-8402). Successful exploitation can lead to full system takeover.
CVE-2026-13766 SQL Injection in sqli (CVE-2026-13766)
SQL injection in sqli (CVE-2026-13766). Successful exploitation can lead to full system takeover.
CVE-2026-9711 SQL Injection in wordpress (CVE-2026-9711)
SQL injection in wordpress (CVE-2026-9711). Successful exploitation can lead to full system takeover.
CVE-2026-12073 Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
CVE-2026-55276 Vulnerability in apache (CVE-2026-55276)
vulnerability in apache (CVE-2026-55276). Confidential information can be exposed externally.
CVE-2026-53434 Vulnerability in apache (CVE-2026-53434)
vulnerability in apache (CVE-2026-53434). Confidential information can be exposed externally.
CVE-2026-13762 Vulnerability in Amazon aws (CVE-2026-13762)
vulnerability in Amazon aws (CVE-2026-13762). Successful exploitation can lead to full system takeover.
CVE-2026-57498 Vulnerability in CVE-2026-57498 (CVE-2026-57498)
vulnerability in CVE-2026-57498 (CVE-2026-57498). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0-beta.474` or later.
CVE-2026-39868 Vulnerability in apple (CVE-2026-39868)
vulnerability in apple (CVE-2026-39868). Data can be tampered with by attackers.
CVE-2026-37637 Code Injection in CVE-2026-37637 (CVE-2026-37637)
code injection in CVE-2026-37637 (CVE-2026-37637). Confidential information can be exposed externally.
CVE-2026-13763 Vulnerability in amazon (CVE-2026-13763)
vulnerability in amazon (CVE-2026-13763). Successful exploitation can lead to full system takeover.
CVE-2026-56782 Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
CVE-2026-11720 Path Traversal in path-traversal (CVE-2026-11720)
path traversal in path-traversal (CVE-2026-11720). Confidential information can be exposed externally.
CVE-2026-57331 Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
CVE-2026-56290 KEV [KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-49048 SQL Injection in joomcoder (CVE-2026-49048)
SQL injection in joomcoder (CVE-2026-49048). Successful exploitation can lead to full system takeover.
CVE-2026-58053 Privilege Escalation in CVE-2026-58053 (CVE-2026-58053)
vulnerability in CVE-2026-58053 (CVE-2026-58053). Successful exploitation can lead to full system takeover.
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-28701 Path Traversal in daktronics (CVE-2026-28701)
path traversal in daktronics (CVE-2026-28701). Successful exploitation can lead to full system takeover.
CVE-2026-53576 Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-53309 Vulnerability in linux (CVE-2026-53309)
vulnerability in linux (CVE-2026-53309). Successful exploitation can lead to full system takeover.
CVE-2026-52785 SQL Injection in sqli (CVE-2026-52785)
SQL injection in sqli (CVE-2026-52785). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52782 Vulnerability in CVE-2026-52782 (CVE-2026-52782)
vulnerability in CVE-2026-52782 (CVE-2026-52782). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52780 Vulnerability in CVE-2026-52780 (CVE-2026-52780)
vulnerability in CVE-2026-52780 (CVE-2026-52780). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-0685 Vulnerability in CVE-2026-0685 (CVE-2026-0685)
vulnerability in CVE-2026-0685 (CVE-2026-0685). Successful exploitation can lead to full system takeover.
CVE-2025-11919 Vulnerability in CVE-2025-11919 (CVE-2025-11919)
vulnerability in CVE-2025-11919 (CVE-2025-11919). Confidential information can be exposed externally.
CVE-2026-54636 OS Command Injection in dokku (CVE-2026-54636)
OS command injection in dokku (CVE-2026-54636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.7` or later.
CVE-2026-45408 OS Command Injection in dokku (CVE-2026-45408)
OS command injection in dokku (CVE-2026-45408). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-45406 Vulnerability in dokku (CVE-2026-45406)
vulnerability in dokku (CVE-2026-45406). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-45405 Vulnerability in dokku (CVE-2026-45405)
vulnerability in dokku (CVE-2026-45405). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-57658 Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-56068 Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
CVE-2026-56067 Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
CVE-2026-56070 Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
CVE-2026-56062 Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
CVE-2026-56059 Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
CVE-2026-56057 Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
CVE-2026-56058 Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
CVE-2026-56032 Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-56030 Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
CVE-2026-56028 Vulnerability in privilege-escalation (CVE-2026-56028)
vulnerability in privilege-escalation (CVE-2026-56028). Successful exploitation can lead to full system takeover.
CVE-2026-56027 Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
CVE-2026-56036 Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
CVE-2026-56033 Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
CVE-2026-56034 Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
CVE-2026-54827 Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
CVE-2026-54831 Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
CVE-2026-54825 Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →