Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42753 |
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
| CVE-2026-42749 |
|
Vulnerability in CVE-2026-42749 (CVE-2026-42749)
vulnerability in CVE-2026-42749 (CVE-2026-42749). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42745 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
| CVE-2026-42735 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
| CVE-2026-8994 |
|
Authentication Bypass in wordpress (CVE-2026-8994)
authentication bypass in wordpress (CVE-2026-8994). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv``.
|
| CVE-2026-8760 |
|
Vulnerability in wordpress (CVE-2026-8760)
vulnerability in wordpress (CVE-2026-8760). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42013 |
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
|
| CVE-2026-8890 |
|
Vulnerability in CVE-2026-8890 (CVE-2026-8890)
vulnerability in CVE-2026-8890 (CVE-2026-8890). Confidential information can be exposed externally.
|
| CVE-2026-45217 |
|
Vulnerability in CVE-2026-45217 (CVE-2026-45217)
vulnerability in CVE-2026-45217 (CVE-2026-45217). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25361 |
|
Vulnerability in CVE-2018-25361 (CVE-2018-25361)
vulnerability in CVE-2018-25361 (CVE-2018-25361). Confidential information can be exposed externally.
|
| CVE-2026-9058 |
|
Vulnerability in CVE-2026-9058 (CVE-2026-9058)
vulnerability in CVE-2026-9058 (CVE-2026-9058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9398 |
|
Authentication Bypass in CVE-2026-9398 (CVE-2026-9398)
authentication bypass in CVE-2026-9398 (CVE-2026-9398). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33843 |
|
Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
|
| CVE-2026-41076 |
|
Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13477 |
|
Vulnerability in CVE-2025-13477 (CVE-2025-13477)
vulnerability in CVE-2025-13477 (CVE-2025-13477). Confidential information can be exposed externally.
|
| CVE-2026-44058 |
|
Authentication Bypass in CVE-2026-44058 (CVE-2026-44058)
authentication bypass in CVE-2026-44058 (CVE-2026-44058). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40165 |
|
Vulnerability in authentik (CVE-2026-40165)
vulnerability in authentik (CVE-2026-40165). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-9141 |
|
Vulnerability in CVE-2026-9141 (CVE-2026-9141)
vulnerability in CVE-2026-9141 (CVE-2026-9141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39310 |
|
Vulnerability in csrf (CVE-2026-39310)
vulnerability in csrf (CVE-2026-39310). Data can be tampered with by attackers.
|
| CVE-2026-35675 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35675)
vulnerability in thorsten/phpmyfaq (CVE-2026-35675). Data can be tampered with by attackers. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-35672 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-24206 |
|
Vulnerability in dos (CVE-2026-24206)
vulnerability in dos (CVE-2026-24206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24207 |
|
Vulnerability in dos (CVE-2026-24207)
vulnerability in dos (CVE-2026-24207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30950 |
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
|
| CVE-2026-46366 |
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
| CVE-2026-44699 |
|
Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
|
| CVE-2026-5229 |
|
Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2652 |
|
Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
|
| CVE-2026-45248 |
|
Vulnerability in hedera (CVE-2026-45248)
vulnerability in hedera (CVE-2026-45248). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/demo/registered-users`.
|
| CVE-2026-8621 |
|
Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
|
| CVE-2026-26062 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062). Risk of unauthorized operations or information disclosure. Exploitable via ``PublishLogs``. Mitigation: upgrade to `4.81.0` or later.
|
| CVE-2026-24000 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-6510 |
|
Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8181 |
|
Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-42602 |
|
Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
|
| CVE-2026-0257 KEV |
|
[KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-0265 |
|
Vulnerability in CVE-2026-0265 (CVE-2026-0265)
vulnerability in CVE-2026-0265 (CVE-2026-0265). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37220 |
|
Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
|
| CVE-2026-42889 |
|
Vulnerability in CVE-2026-42889 (CVE-2026-42889)
vulnerability in CVE-2026-42889 (CVE-2026-42889). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2026-35422 |
|
Vulnerability in microsoft (CVE-2026-35422)
vulnerability in microsoft (CVE-2026-35422). Data can be tampered with by attackers.
|
| CVE-2026-44196 |
|
Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-30805 |
|
Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
|
| CVE-2026-8321 |
|
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
|
| CVE-2026-42882 |
|
Path Traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882)
path traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882). Confidential information can be exposed externally. Exploitable via `PUT /upload/foo/drafts/../restricted/`. Mitigation: upgrade to `0.0.0-20260424211602-1320e4abd46a` or later.
|
| CVE-2026-45223 |
|
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
|
| CVE-2026-44994 |
|
Vulnerability in openclaw (CVE-2026-44994)
vulnerability in openclaw (CVE-2026-44994). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-43992 |
|
Vulnerability in dell (CVE-2025-43992)
vulnerability in dell (CVE-2025-43992). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65856 |
|
Vulnerability in cisa (CVE-2025-65856)
vulnerability in cisa (CVE-2025-65856). Successful exploitation can lead to full system takeover.
|