Vulnérabilités
Aggrégat CVE / GHSA / KEV / OSV — filtrage par étiquette et catégorie.
| ID | Titre | |
|---|---|---|
| CVE-2026-40738 |
|
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
|
| CVE-2025-69130 |
|
Désérialisation non sécurisée dans wordpress (CVE-2025-69130)
vulnérabilité dans wordpress (CVE-2025-69130). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-69175 |
|
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
|
| CVE-2026-39442 |
|
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
|
| CVE-2026-39556 |
|
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
|
| CVE-2025-69128 |
|
Traversée de chemin dans path-traversal (CVE-2025-69128)
traversée de chemin dans path-traversal (CVE-2025-69128). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-39590 |
|
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
|
| CVE-2025-69144 |
|
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
|
| CVE-2025-69126 |
|
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
|
| CVE-2025-69158 |
|
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
|
| CVE-2025-69166 |
|
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
|
| CVE-2025-68524 |
|
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
|
| CVE-2025-69140 |
|
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
|
| CVE-2025-69115 |
|
Vulnérabilité dans wordpress (CVE-2025-69115)
vulnérabilité dans wordpress (CVE-2025-69115). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-69123 |
|
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
|
| CVE-2025-69157 |
|
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
|
| CVE-2025-69120 |
|
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
|
| CVE-2025-69106 |
|
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
|
| CVE-2025-69189 |
|
Vulnérabilité dans CVE-2025-69189 (CVE-2025-69189)
vulnérabilité dans CVE-2025-69189 (CVE-2025-69189). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2025-69174 |
|
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
|
| CVE-2025-69170 |
|
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
|
| CVE-2025-69111 |
|
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
|
| CVE-2025-59554 |
|
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
|
| CVE-2026-8607 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-8607)
XSS dans wordpress (CVE-2026-8607). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2025-60231 |
|
Désérialisation non sécurisée dans deserialization (CVE-2025-60231)
vulnérabilité dans deserialization (CVE-2025-60231). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-60229 |
|
Désérialisation non sécurisée dans deserialization (CVE-2025-60229)
vulnérabilité dans deserialization (CVE-2025-60229). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-66391 |
|
Vulnérabilité dans CVE-2025-66391 (CVE-2025-66391)
vulnérabilité dans CVE-2025-66391 (CVE-2025-66391). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-69127 |
|
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
|
| CVE-2025-60236 |
|
Désérialisation non sécurisée dans deserialization (CVE-2025-60236)
vulnérabilité dans deserialization (CVE-2025-60236). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2025-15657 |
|
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
|
| CVE-2026-9570 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-9570)
XSS dans wordpress (CVE-2026-9570). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2025-69164 |
|
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
|
| CVE-2026-9690 |
|
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
|
| CVE-2026-8494 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-8494)
XSS dans wordpress (CVE-2026-8494). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-8383 |
|
Vulnérabilité dans wordpress (CVE-2026-8383)
vulnérabilité dans wordpress (CVE-2026-8383). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``edit``.
|
| CVE-2025-60230 |
|
Désérialisation non sécurisée dans deserialization (CVE-2025-60230)
vulnérabilité dans deserialization (CVE-2025-60230). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2026-8089 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-8089)
XSS dans wordpress (CVE-2026-8089). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-7850 |
|
Vulnérabilité dans wordpress (CVE-2026-7850)
vulnérabilité dans wordpress (CVE-2026-7850). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-54807 |
|
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
|
| CVE-2026-54804 |
|
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
|
| CVE-2026-54811 |
|
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
|
| CVE-2026-54194 |
|
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
|
| CVE-2026-52706 |
|
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
|
| CVE-2026-54185 |
|
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
|
| CVE-2026-54196 |
|
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
|
| CVE-2026-8317 |
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
| CVE-2026-54186 |
|
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
|
| CVE-2026-54806 |
|
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
|
| CVE-2026-55706 |
|
Vulnérabilité dans c (CVE-2026-55706)
vulnérabilité dans c (CVE-2026-55706). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-54188 |
|
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
|