Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46493 |
|
Vulnerability in CVE-2026-46493 (CVE-2026-46493)
vulnerability in CVE-2026-46493 (CVE-2026-46493). Confidential information can be exposed externally. Exploitable via ``uniqid``.
|
| CVE-2026-46401 |
|
Vulnerability in CVE-2026-46401 (CVE-2026-46401)
vulnerability in CVE-2026-46401 (CVE-2026-46401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46400 |
|
Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46397 |
|
Path Traversal in CVE-2026-46397 (CVE-2026-46397)
path traversal in CVE-2026-46397 (CVE-2026-46397). Confidential information can be exposed externally.
|
| CVE-2026-46398 |
|
Vulnerability in CVE-2026-46398 (CVE-2026-46398)
vulnerability in CVE-2026-46398 (CVE-2026-46398). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46394 |
|
OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46399 |
|
Vulnerability in CVE-2026-46399 (CVE-2026-46399)
vulnerability in CVE-2026-46399 (CVE-2026-46399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-46390 |
|
Vulnerability in CVE-2026-46390 (CVE-2026-46390)
vulnerability in CVE-2026-46390 (CVE-2026-46390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11342 |
|
Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11344 |
|
Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11337 |
|
Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11336 |
|
Vulnerability in CVE-2026-11336 (CVE-2026-11336)
vulnerability in CVE-2026-11336 (CVE-2026-11336). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11335 |
|
Vulnerability in CVE-2026-11335 (CVE-2026-11335)
vulnerability in CVE-2026-11335 (CVE-2026-11335). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11333 |
|
Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38579 |
|
Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
cross-site scripting in CVE-2026-38579 (CVE-2026-38579). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11334 |
|
Vulnerability in sqli (CVE-2026-11334)
vulnerability in sqli (CVE-2026-11334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48907 KEV |
|
[KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-10877 |
|
Vulnerability in sqli (CVE-2026-10877)
vulnerability in sqli (CVE-2026-10877). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10874 |
|
Vulnerability in sqli (CVE-2026-10874)
vulnerability in sqli (CVE-2026-10874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10815 |
|
Vulnerability in CVE-2026-10815 (CVE-2026-10815)
vulnerability in CVE-2026-10815 (CVE-2026-10815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10811 |
|
Vulnerability in sqli (CVE-2026-10811)
vulnerability in sqli (CVE-2026-10811). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10863 |
|
Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
|
| CVE-2026-10810 |
|
Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10807 |
|
Vulnerability in CVE-2026-10807 (CVE-2026-10807)
vulnerability in CVE-2026-10807 (CVE-2026-10807). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10809 |
|
Vulnerability in sqli (CVE-2026-10809)
vulnerability in sqli (CVE-2026-10809). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10808 |
|
Vulnerability in sqli (CVE-2026-10808)
vulnerability in sqli (CVE-2026-10808). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10806 |
|
Vulnerability in CVE-2026-10806 (CVE-2026-10806)
vulnerability in CVE-2026-10806 (CVE-2026-10806). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25738 |
|
Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25744 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25734 |
|
Path Traversal in csrf (CVE-2019-25734)
path traversal in csrf (CVE-2019-25734). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25730 |
|
SQL Injection in sqli (CVE-2019-25730)
SQL injection in sqli (CVE-2019-25730). Confidential information can be exposed externally.
|
| CVE-2019-25732 |
|
SQL Injection in sqli (CVE-2019-25732)
SQL injection in sqli (CVE-2019-25732). Confidential information can be exposed externally.
|
| CVE-2019-25729 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25728 |
|
SQL Injection in sqli (CVE-2019-25728)
SQL injection in sqli (CVE-2019-25728). Confidential information can be exposed externally.
|
| CVE-2019-25727 |
|
Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10737 |
|
Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
|
| CVE-2026-10777 |
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
| CVE-2026-7888 |
|
Unsafe Deserialization in CVE-2026-7888 (CVE-2026-7888)
vulnerability in CVE-2026-7888 (CVE-2026-7888). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10704 |
|
Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10694 |
|
Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25861 |
|
Vulnerability in CVE-2026-25861 (CVE-2026-25861)
vulnerability in CVE-2026-25861 (CVE-2026-25861). Confidential information can be exposed externally.
|
| CVE-2026-10620 |
|
Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10624 |
|
Vulnerability in CVE-2026-10624 (CVE-2026-10624)
vulnerability in CVE-2026-10624 (CVE-2026-10624). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-10607 |
|
Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10608 |
|
Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10606 |
|
Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.
|