Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2021-47954 SQL Injection in sqli (CVE-2021-47954)
SQL injection in sqli (CVE-2021-47954). Confidential information can be exposed externally.
CVE-2021-47956 SQL Injection in sqli (CVE-2021-47956)
SQL injection in sqli (CVE-2021-47956). Confidential information can be exposed externally.
CVE-2020-37242 SQL Injection in sqli (CVE-2020-37242)
SQL injection in sqli (CVE-2020-37242). Confidential information can be exposed externally.
CVE-2020-37243 SQL Injection in sqli (CVE-2020-37243)
SQL injection in sqli (CVE-2020-37243). Confidential information can be exposed externally.
CVE-2020-37244 SQL Injection in sqli (CVE-2020-37244)
SQL injection in sqli (CVE-2020-37244). Confidential information can be exposed externally.
CVE-2020-37245 Cross-Site Scripting (XSS) in path-traversal (CVE-2020-37245)
cross-site scripting in path-traversal (CVE-2020-37245). Confidential information can be exposed externally.
CVE-2020-37231 Vulnerability in CVE-2020-37231 (CVE-2020-37231)
vulnerability in CVE-2020-37231 (CVE-2020-37231). Successful exploitation can lead to full system takeover.
CVE-2020-37232 Vulnerability in CVE-2020-37232 (CVE-2020-37232)
vulnerability in CVE-2020-37232 (CVE-2020-37232). Successful exploitation can lead to full system takeover.
CVE-2020-37230 Vulnerability in CVE-2020-37230 (CVE-2020-37230)
vulnerability in CVE-2020-37230 (CVE-2020-37230). Successful exploitation can lead to full system takeover.
CVE-2020-37229 Vulnerability in CVE-2020-37229 (CVE-2020-37229)
vulnerability in CVE-2020-37229 (CVE-2020-37229). Successful exploitation can lead to full system takeover.
CVE-2020-37227 Unrestricted File Upload in CVE-2020-37227 (CVE-2020-37227)
vulnerability in CVE-2020-37227 (CVE-2020-37227). Successful exploitation can lead to full system takeover.
CVE-2026-8657 Vulnerability in CVE-2026-8657 (CVE-2026-8657)
vulnerability in CVE-2026-8657 (CVE-2026-8657). Data can be tampered with by attackers.
CVE-2026-8700 Vulnerability in CVE-2026-8700 (CVE-2026-8700)
vulnerability in CVE-2026-8700 (CVE-2026-8700). Risk of unauthorized operations or information disclosure.
CVE-2026-8696 Use-After-Free in dos (CVE-2026-8696)
vulnerability in dos (CVE-2026-8696). Risk of unauthorized operations or information disclosure.
CVE-2026-8686 Out-of-Bounds Read in Amazon aws (CVE-2026-8686)
vulnerability in Amazon aws (CVE-2026-8686). Risk of unauthorized operations or information disclosure.
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46407 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin_id. This can disclo...
CVE-2026-46408 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-44826 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positive...
CVE-2021-47964 Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
CVE-2021-47966 PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
CVE-2021-47963 Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2026-45578 OS Command Injection in WWBN/AVideo (CVE-2026-45578)
OS command injection in WWBN/AVideo (CVE-2026-45578). Successful exploitation can lead to full system takeover. Exploitable via ``on_publish.php``.
CVE-2026-45575 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
CVE-2026-46474 Vulnerability in CVE-2026-46474 (CVE-2026-46474)
vulnerability in CVE-2026-46474 (CVE-2026-46474). Confidential information can be exposed externally.
CVE-2026-8695 Use-After-Free in dos (CVE-2026-8695)
vulnerability in dos (CVE-2026-8695). Risk of unauthorized operations or information disclosure.
CVE-2026-45574 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
CVE-2026-46491 Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
CVE-2026-44692 Vulnerability in code16/sharp (CVE-2026-44692)
vulnerability in code16/sharp (CVE-2026-44692). Confidential information can be exposed externally. Exploitable via `GET /sharp/{globalFilter}/download/{entityKey}/{instanceId`. Mitigation: upgrade to `9.22.0` or later.
CVE-2026-45717 Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-45715 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-45715)
SSRF in @budibase/server (CVE-2026-45715). Confidential information can be exposed externally. Exploitable via `POST /api/queries/preview`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-45548 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-45548)
SSRF in @budibase/server (CVE-2026-45548). Confidential information can be exposed externally. Exploitable via ``processUrlFile``. Mitigation: upgrade to `3.34.8` or later.
CVE-2026-45364 Vulnerability in better-auth (CVE-2026-45364)
vulnerability in better-auth (CVE-2026-45364). Risk of unauthorized operations or information disclosure. Exploitable via ``normalizeIP``. Mitigation: upgrade to `1.5.0-beta.9` or later.
CVE-2026-45037 Vulnerability in tabby (CVE-2026-45037)
vulnerability in tabby (CVE-2026-45037). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.232` or later.
CVE-2026-45038 Vulnerability in tabby (CVE-2026-45038)
vulnerability in tabby (CVE-2026-45038). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
CVE-2026-45539 Information Disclosure in apm (CVE-2026-45539)
vulnerability in apm (CVE-2026-45539). Confidential information can be exposed externally. Exploitable via ``content_hash``. Mitigation: upgrade to `0.13.0` or later.
CVE-2026-45036 OS Command Injection in tabby (CVE-2026-45036)
OS command injection in tabby (CVE-2026-45036). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
CVE-2026-45035 OS Command Injection in tabby (CVE-2026-45035)
OS command injection in tabby (CVE-2026-45035). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
CVE-2026-44641 Path Traversal in apm-cli (CVE-2026-44641)
path traversal in apm-cli (CVE-2026-44641). Confidential information can be exposed externally. Exploitable via ``agents``. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45062 Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-44716 Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-41147 Cross-Site Scripting (XSS) in nukeviet/nukeviet (CVE-2026-41147)
cross-site scripting in nukeviet/nukeviet (CVE-2026-41147). Confidential information can be exposed externally. Exploitable via ``srcdoc``.
CVE-2026-40092 Vulnerability in nimiq-keys (CVE-2026-40092)
vulnerability in nimiq-keys (CVE-2026-40092). Risk of unauthorized operations or information disclosure. Exploitable via ``TaggedPublicKey``.
CVE-2026-22810 Vulnerability in @joplin/onenote-converter (CVE-2026-22810)
vulnerability in @joplin/onenote-converter (CVE-2026-22810). Successful exploitation can lead to full system takeover. Exploitable via ``embedded_file.rs``. Mitigation: upgrade to `3.5.7` or later.
CVE-2026-46508 Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
CVE-2026-35194 Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
CVE-2026-38728 Vulnerability in smtp-server (CVE-2026-38728)
vulnerability in smtp-server (CVE-2026-38728). Risk of unauthorized operations or information disclosure. Exploitable via ``_remainder``. Mitigation: upgrade to `3.18.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →