Vulnérabilités

Aggrégat CVE / GHSA / KEV / OSV — filtrage par étiquette et catégorie.

ID Titre
CVE-2026-54184 Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
CVE-2026-54803 Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54802 Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54187 Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
CVE-2026-54805 Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-54195 Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-52698 Vulnérabilité dans CVE-2026-52698 (CVE-2026-52698)
vulnérabilité dans CVE-2026-52698 (CVE-2026-52698). Risque d'opérations non autorisées ou de divulgation.
CVE-2026-53876 Injection de commande OS dans CVE-2026-53876 (CVE-2026-53876)
injection de commande OS dans CVE-2026-53876 (CVE-2026-53876). L'exploitation peut entraîner la prise de contrôle totale du système.
CVE-2026-54192 Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-52696 Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
CVE-2026-54189 Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-52705 Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
CVE-2026-50203 Traversée de chemin dans apache-airflow-providers-sftp (CVE-2026-50203)
traversée de chemin dans apache-airflow-providers-sftp (CVE-2026-50203). Des informations confidentielles peuvent être exposées. Exploitable via ``SFTPHook.retrieve_directory``. Atténuation : mise à jour vers `5.8.1` ou plus.
CVE-2026-49107 Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-49113 Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
CVE-2026-49767 Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-49084 Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
CVE-2026-49058 Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
CVE-2026-49778 Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-49080 Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
CVE-2026-48967 Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-49079 Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
CVE-2026-48929 Contournement d'authentification dans rocketchat (CVE-2026-48929)
contournement d'authentification dans rocketchat (CVE-2026-48929). Risque d'opérations non autorisées ou de divulgation.
CVE-2026-48616 Vulnérabilité dans rocketchat (CVE-2026-48616)
vulnérabilité dans rocketchat (CVE-2026-48616). Des informations confidentielles peuvent être exposées.
CVE-2026-49071 Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-49073 Injection SQL dans sqli (CVE-2026-49073)
injection SQL dans sqli (CVE-2026-49073). Des informations confidentielles peuvent être exposées.
CVE-2026-49081 Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
CVE-2026-47340 Divulgation d'information dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340)
vulnérabilité dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340). Des informations confidentielles peuvent être exposées. Atténuation : mise à jour vers `3.4.2` ou plus.
CVE-2026-49072 Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
CVE-2026-49075 Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-49076 Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-48869 Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
CVE-2026-49074 Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
CVE-2026-48875 Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
CVE-2026-49057 Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
CVE-2026-45436 Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-42357 Autorisation incorrecte dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-42357)
vulnérabilité dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-42357). Des informations confidentielles peuvent être exposées. Atténuation : mise à jour vers `3.4.2` ou plus.
CVE-2026-42629 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-42380 Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
CVE-2026-42385 Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-40783 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-40760 Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
CVE-2026-40761 Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
CVE-2026-40725 Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-40747 Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-40724 CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
CVE-2026-40746 Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
CVE-2026-40726 Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40731 Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-41280 Autorisation incorrecte dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-41280)
vulnérabilité dans org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-41280). Les données peuvent être altérées par des attaquants. Atténuation : mise à jour vers `3.4.2` ou plus.

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →