Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-44163 Vulnerability in fluent-plugin-opentelemetry (CVE-2026-44163)
vulnerability in fluent-plugin-opentelemetry (CVE-2026-44163). Risk of unauthorized operations or information disclosure. Exploitable via ``in_opentelemetry``. Mitigation: upgrade to `0.5.3` or later.
CVE-2026-57231 Information Disclosure in podman-project (CVE-2026-57231)
vulnerability in podman-project (CVE-2026-57231). Confidential information can be exposed externally. Mitigation: upgrade to `5.8.4` or later.
CVE-2026-56823 Vulnerability in CVE-2026-56823 (CVE-2026-56823)
vulnerability in CVE-2026-56823 (CVE-2026-56823). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/integrations/webhooks/{webhook_id}/ping`.
CVE-2026-56663 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56663)
SSRF in ssrf (CVE-2026-56663). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.6.52` or later.
CVE-2026-55677 Path Traversal in CVE-2026-55677 (CVE-2026-55677)
path traversal in CVE-2026-55677 (CVE-2026-55677). Confidential information can be exposed externally. Mitigation: upgrade to `4.15.3` or later.
CVE-2026-54636 OS Command Injection in dokku (CVE-2026-54636)
OS command injection in dokku (CVE-2026-54636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.7` or later.
CVE-2026-45408 OS Command Injection in dokku (CVE-2026-45408)
OS command injection in dokku (CVE-2026-45408). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-45407 Vulnerability in dokku (CVE-2026-45407)
vulnerability in dokku (CVE-2026-45407). Confidential information can be exposed externally. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-45406 Vulnerability in dokku (CVE-2026-45406)
vulnerability in dokku (CVE-2026-45406). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-45405 Vulnerability in dokku (CVE-2026-45405)
vulnerability in dokku (CVE-2026-45405). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-28385 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-28385)
SSRF in ssrf (CVE-2026-28385). Risk of unauthorized operations or information disclosure.
CVE-2025-32423 Vulnerability in dos (CVE-2025-32423)
vulnerability in dos (CVE-2025-32423). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
CVE-2025-32394 Vulnerability in dos (CVE-2025-32394)
vulnerability in dos (CVE-2025-32394). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
CVE-2026-44162 Vulnerability in fluent-plugin-s3 (CVE-2026-44162)
vulnerability in fluent-plugin-s3 (CVE-2026-44162). Risk of unauthorized operations or information disclosure. Exploitable via ``in_s3``. Mitigation: upgrade to `1.8.5` or later.
CVE-2026-44161 SSRF (Server-Side Request Forgery) in fluentd (CVE-2026-44161)
SSRF in fluentd (CVE-2026-44161). Risk of unauthorized operations or information disclosure. Exploitable via ``out_http``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-44160 Vulnerability in fluentd (CVE-2026-44160)
vulnerability in fluentd (CVE-2026-44160). Risk of unauthorized operations or information disclosure. Exploitable via ``in_http``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-44025 Vulnerability in fluentd (CVE-2026-44025)
vulnerability in fluentd (CVE-2026-44025). Confidential information can be exposed externally. Exploitable via ``in_monitor_agent``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-44024 Path Traversal in fluentd (CVE-2026-44024)
path traversal in fluentd (CVE-2026-44024). Successful exploitation can lead to full system takeover. Exploitable via ``path``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-9640 Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
CVE-2026-9639 Vulnerability in dos (CVE-2026-9639)
vulnerability in dos (CVE-2026-9639). Risk of unauthorized operations or information disclosure.
CVE-2026-12411 Vulnerability in canonical (CVE-2026-12411)
vulnerability in canonical (CVE-2026-12411). Confidential information can be exposed externally.
CVE-2026-9699 Vulnerability in CVE-2026-9699 (CVE-2026-9699)
vulnerability in CVE-2026-9699 (CVE-2026-9699). Confidential information can be exposed externally.
CVE-2026-57662 Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-57657 Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57667 Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-57660 Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
CVE-2026-57661 Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-57658 Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57655 Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57663 Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
CVE-2026-57664 Vulnerability in CVE-2026-57664 (CVE-2026-57664)
vulnerability in CVE-2026-57664 (CVE-2026-57664). Risk of unauthorized operations or information disclosure.
CVE-2026-57659 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57659)
vulnerability in csrf (CVE-2026-57659). Successful exploitation can lead to full system takeover.
CVE-2026-57651 Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
CVE-2026-57647 Vulnerability in CVE-2026-57647 (CVE-2026-57647)
vulnerability in CVE-2026-57647 (CVE-2026-57647). Successful exploitation can lead to full system takeover.
CVE-2026-57665 Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57650 Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
CVE-2026-57653 Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-57656 Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVE-2026-57649 Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
CVE-2026-57648 Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
CVE-2026-57652 Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
CVE-2026-57654 Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
CVE-2026-57646 Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
CVE-2026-57641 Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-57644 Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57643 Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
CVE-2026-57645 newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
CVE-2026-57638 Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
CVE-2026-57640 Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
CVE-2026-57642 Contributor SQL Injection in Gallery <= 4.7.8 versions.
Contributor SQL Injection in Gallery <= 4.7.8 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →