Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-39598 |
|
Unrestricted File Upload in CVE-2026-39598 (CVE-2026-39598)
vulnerability in CVE-2026-39598 (CVE-2026-39598). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25446 |
|
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
|
| CVE-2026-27041 |
|
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
|
| CVE-2026-22327 |
|
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
|
| CVE-2025-69129 |
|
Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60218 |
|
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
|
| CVE-2024-52488 |
|
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
|
| CVE-2025-59872 |
|
Vulnerability in hcltech (CVE-2025-59872)
vulnerability in hcltech (CVE-2025-59872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40750 |
|
Unrestricted File Upload in CVE-2026-40750 (CVE-2026-40750)
vulnerability in CVE-2026-40750 (CVE-2026-40750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40772 |
|
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
|
| CVE-2026-39527 |
|
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
|
| CVE-2026-39591 |
|
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
|
| CVE-2026-50873 |
|
Unrestricted File Upload in CVE-2026-50873 (CVE-2026-50873)
vulnerability in CVE-2026-50873 (CVE-2026-50873). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25436 |
|
Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5482 |
|
Unrestricted File Upload in CVE-2026-5482 (CVE-2026-5482)
vulnerability in CVE-2026-5482 (CVE-2026-5482). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34027 |
|
Unrestricted File Upload in CVE-2026-34027 (CVE-2026-34027)
vulnerability in CVE-2026-34027 (CVE-2026-34027). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53724 |
|
Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6211 |
|
Unrestricted File Upload in CVE-2026-6211 (CVE-2026-6211)
vulnerability in CVE-2026-6211 (CVE-2026-6211). Confidential information can be exposed externally.
|
| CVE-2026-46489 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
|
| CVE-2026-11839 |
|
Unrestricted File Upload in CVE-2026-11839 (CVE-2026-11839)
vulnerability in CVE-2026-11839 (CVE-2026-11839). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7852 |
|
Unrestricted File Upload in CVE-2026-7852 (CVE-2026-7852)
vulnerability in CVE-2026-7852 (CVE-2026-7852). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9067 |
|
Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
|
| CVE-2026-36722 |
|
Unrestricted File Upload in CVE-2026-36722 (CVE-2026-36722)
vulnerability in CVE-2026-36722 (CVE-2026-36722). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40808 |
|
Unrestricted File Upload in dos (CVE-2025-40808)
vulnerability in dos (CVE-2025-40808). Data can be tampered with by attackers.
|
| CVE-2026-33582 |
|
Unrestricted File Upload in apache (CVE-2026-33582)
vulnerability in apache (CVE-2026-33582). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34031 |
|
Unrestricted File Upload in apache (CVE-2026-34031)
vulnerability in apache (CVE-2026-34031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11621 |
|
Vulnerability in CVE-2026-11621 (CVE-2026-11621)
vulnerability in CVE-2026-11621 (CVE-2026-11621). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58349 |
|
Unrestricted File Upload in wordpress (CVE-2024-58349)
vulnerability in wordpress (CVE-2024-58349). Successful exploitation can lead to full system takeover.
|
| CVE-2024-58348 |
|
Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11474 |
|
Vulnerability in CVE-2026-11474 (CVE-2026-11474)
vulnerability in CVE-2026-11474 (CVE-2026-11474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7537 |
|
Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46400 |
|
Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11419 |
|
Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-11344 |
|
Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11333 |
|
Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42538 |
|
Unrestricted File Upload in CVE-2026-42538 (CVE-2026-42538)
vulnerability in CVE-2026-42538 (CVE-2026-42538). Confidential information can be exposed externally.
|
| CVE-2026-10806 |
|
Vulnerability in CVE-2026-10806 (CVE-2026-10806)
vulnerability in CVE-2026-10806 (CVE-2026-10806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10807 |
|
Vulnerability in CVE-2026-10807 (CVE-2026-10807)
vulnerability in CVE-2026-10807 (CVE-2026-10807). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40548 |
|
Unrestricted File Upload in path-traversal (CVE-2026-40548)
vulnerability in path-traversal (CVE-2026-40548). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10205 |
|
Vulnerability in CVE-2026-10205 (CVE-2026-10205)
vulnerability in CVE-2026-10205 (CVE-2026-10205). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10172 |
|
Vulnerability in CVE-2026-10172 (CVE-2026-10172)
vulnerability in CVE-2026-10172 (CVE-2026-10172). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25409 |
|
Unrestricted File Upload in CVE-2018-25409 (CVE-2018-25409)
vulnerability in CVE-2018-25409 (CVE-2018-25409). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25388 |
|
Unrestricted File Upload in CVE-2018-25388 (CVE-2018-25388)
vulnerability in CVE-2018-25388 (CVE-2018-25388). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39292 |
|
Unrestricted File Upload in CVE-2026-39292 (CVE-2026-39292)
vulnerability in CVE-2026-39292 (CVE-2026-39292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10072 |
|
Unrestricted File Upload in CVE-2026-10072 (CVE-2026-10072)
vulnerability in CVE-2026-10072 (CVE-2026-10072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10071 |
|
Unrestricted File Upload in CVE-2026-10071 (CVE-2026-10071)
vulnerability in CVE-2026-10071 (CVE-2026-10071). Successful exploitation can lead to full system takeover.
|