Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-11456 Vulnerability in sqli (CVE-2026-11456)
vulnerability in sqli (CVE-2026-11456). Risk of unauthorized operations or information disclosure.
CVE-2026-11452 Vulnerability in CVE-2026-11452 (CVE-2026-11452)
vulnerability in CVE-2026-11452 (CVE-2026-11452). Risk of unauthorized operations or information disclosure.
CVE-2026-11451 Vulnerability in CVE-2026-11451 (CVE-2026-11451)
vulnerability in CVE-2026-11451 (CVE-2026-11451). Risk of unauthorized operations or information disclosure.
CVE-2026-11450 Vulnerability in CVE-2026-11450 (CVE-2026-11450)
vulnerability in CVE-2026-11450 (CVE-2026-11450). Risk of unauthorized operations or information disclosure.
CVE-2026-26422 Vulnerability in privilege-escalation (CVE-2026-26422)
vulnerability in privilege-escalation (CVE-2026-26422). Successful exploitation can lead to full system takeover.
CVE-2026-11437 SSRF (Server-Side Request Forgery) in CVE-2026-11437 (CVE-2026-11437)
SSRF in CVE-2026-11437 (CVE-2026-11437). Risk of unauthorized operations or information disclosure.
CVE-2026-11435 Vulnerability in sqli (CVE-2026-11435)
vulnerability in sqli (CVE-2026-11435). Risk of unauthorized operations or information disclosure.
CVE-2026-11413 Buffer Overflow in CVE-2026-11413 (CVE-2026-11413)
vulnerability in CVE-2026-11413 (CVE-2026-11413). Successful exploitation can lead to full system takeover.
CVE-2026-10725 Vulnerability in crux (CVE-2026-10725)
vulnerability in crux (CVE-2026-10725). Risk of unauthorized operations or information disclosure.
CVE-2026-9851 Vulnerability in wordpress (CVE-2026-9851)
vulnerability in wordpress (CVE-2026-9851). Successful exploitation can lead to full system takeover.
CVE-2025-2415 Vulnerability in CVE-2025-2415 (CVE-2025-2415)
vulnerability in CVE-2025-2415 (CVE-2025-2415). Confidential information can be exposed externally.
CVE-2025-2414 Vulnerability in CVE-2025-2414 (CVE-2025-2414)
vulnerability in CVE-2025-2414 (CVE-2025-2414). Confidential information can be exposed externally.
CVE-2026-7537 Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
CVE-2026-8901 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
CVE-2026-9290 Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
CVE-2026-11416 Path Traversal in path-traversal (CVE-2026-11416)
path traversal in path-traversal (CVE-2026-11416). Data can be tampered with by attackers.
CVE-2026-36785 Vulnerability in dos (CVE-2026-36785)
vulnerability in dos (CVE-2026-36785). Risk of unauthorized operations or information disclosure.
CVE-2026-11422 Vulnerability in CVE-2026-11422 (CVE-2026-11422)
vulnerability in CVE-2026-11422 (CVE-2026-11422). Confidential information can be exposed externally.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-46493 Vulnerability in CVE-2026-46493 (CVE-2026-46493)
vulnerability in CVE-2026-46493 (CVE-2026-46493). Confidential information can be exposed externally. Exploitable via ``uniqid``.
CVE-2026-11419 Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-50733 Vulnerability in CVE-2026-50733 (CVE-2026-50733)
vulnerability in CVE-2026-50733 (CVE-2026-50733). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-49493 Code Injection in CVE-2026-49493 (CVE-2026-49493)
code injection in CVE-2026-49493 (CVE-2026-49493). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-49492 OS Command Injection in CVE-2026-49492 (CVE-2026-49492)
OS command injection in CVE-2026-49492 (CVE-2026-49492). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-45749 Vulnerability in termix (CVE-2026-45749)
vulnerability in termix (CVE-2026-45749). Confidential information can be exposed externally. Exploitable via `POST /users/totp/disable`.
CVE-2026-45745 Vulnerability in termix (CVE-2026-45745)
vulnerability in termix (CVE-2026-45745). Confidential information can be exposed externally.
CVE-2026-45743 Vulnerability in termix (CVE-2026-45743)
vulnerability in termix (CVE-2026-45743). Confidential information can be exposed externally. Exploitable via ``sessionId``.
CVE-2026-45291 Vulnerability in CVE-2026-45291 (CVE-2026-45291)
vulnerability in CVE-2026-45291 (CVE-2026-45291). Risk of unauthorized operations or information disclosure.
CVE-2026-45290 Vulnerability in CVE-2026-45290 (CVE-2026-45290)
vulnerability in CVE-2026-45290 (CVE-2026-45290). Risk of unauthorized operations or information disclosure.
CVE-2026-36501 Vulnerability in dos (CVE-2026-36501)
vulnerability in dos (CVE-2026-36501). Risk of unauthorized operations or information disclosure.
CVE-2026-11344 Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
CVE-2026-11342 Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
CVE-2025-5088 Privilege Escalation in CVE-2025-5088 (CVE-2025-5088)
vulnerability in CVE-2025-5088 (CVE-2025-5088). Confidential information can be exposed externally.
CVE-2026-48017 Code Injection in dbgate-api (CVE-2026-48017)
code injection in dbgate-api (CVE-2026-48017). Successful exploitation can lead to full system takeover. Exploitable via `POST /runners/load-reader`. Mitigation: upgrade to `7.1.9` or later.
CVE-2026-47684 SSRF (Server-Side Request Forgery) in @sync-in/server (CVE-2026-47684)
SSRF in @sync-in/server (CVE-2026-47684). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-11334 Vulnerability in sqli (CVE-2026-11334)
vulnerability in sqli (CVE-2026-11334). Risk of unauthorized operations or information disclosure.
CVE-2026-48095 Vulnerability in dos (CVE-2026-48095)
vulnerability in dos (CVE-2026-48095). Successful exploitation can lead to full system takeover.
CVE-2026-50234 Path Traversal in c (CVE-2026-50234)
path traversal in c (CVE-2026-50234). Confidential information can be exposed externally.
CVE-2026-50232 Cross-Site Scripting (XSS) in CVE-2026-50232 (CVE-2026-50232)
cross-site scripting in CVE-2026-50232 (CVE-2026-50232). Risk of unauthorized operations or information disclosure.
CVE-2026-50231 Cross-Site Scripting (XSS) in CVE-2026-50231 (CVE-2026-50231)
cross-site scripting in CVE-2026-50231 (CVE-2026-50231). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-50264 Out-of-Bounds Write in privilege-escalation (CVE-2026-50264)
out-of-bounds write in privilege-escalation (CVE-2026-50264). Successful exploitation can lead to full system takeover.
CVE-2026-50261 Use-After-Free in privilege-escalation (CVE-2026-50261)
vulnerability in privilege-escalation (CVE-2026-50261). Successful exploitation can lead to full system takeover.
CVE-2026-50260 Use-After-Free in privilege-escalation (CVE-2026-50260)
vulnerability in privilege-escalation (CVE-2026-50260). Successful exploitation can lead to full system takeover.
CVE-2026-50259 Vulnerability in privilege-escalation (CVE-2026-50259)
vulnerability in privilege-escalation (CVE-2026-50259). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →