Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12404 |
|
Vulnerability in wordpress (CVE-2026-12404)
vulnerability in wordpress (CVE-2026-12404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55838 |
|
Vulnerability in CVE-2026-55838 (CVE-2026-55838)
vulnerability in CVE-2026-55838 (CVE-2026-55838). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55189 |
|
Vulnerability in CVE-2026-55189 (CVE-2026-55189)
vulnerability in CVE-2026-55189 (CVE-2026-55189). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
|
| CVE-2026-55188 |
|
Information Disclosure in CVE-2026-55188 (CVE-2026-55188)
vulnerability in CVE-2026-55188 (CVE-2026-55188). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
|
| CVE-2026-49991 |
|
Path Traversal in path-traversal (CVE-2026-49991)
path traversal in path-traversal (CVE-2026-49991). Data can be tampered with by attackers.
|
| CVE-2026-47193 |
|
Information Disclosure in CVE-2026-47193 (CVE-2026-47193)
vulnerability in CVE-2026-47193 (CVE-2026-47193). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-44734 |
|
Vulnerability in CVE-2026-44734 (CVE-2026-44734)
vulnerability in CVE-2026-44734 (CVE-2026-44734). Data can be tampered with by attackers. Mitigation: upgrade to `17.3.2` or later.
|
| CVE-2026-57518 |
|
Vulnerability in privilege-escalation (CVE-2026-57518)
vulnerability in privilege-escalation (CVE-2026-57518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12411 |
|
Vulnerability in canonical (CVE-2026-12411)
vulnerability in canonical (CVE-2026-12411). Confidential information can be exposed externally.
|
| CVE-2026-57660 |
|
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
|
| CVE-2026-57661 |
|
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
|
| CVE-2026-57649 |
|
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
|
| CVE-2026-57648 |
|
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
|
| CVE-2026-57654 |
|
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
|
| CVE-2026-57645 |
|
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
|
| CVE-2026-57640 |
|
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
|
| CVE-2026-57632 |
|
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
|
| CVE-2026-57430 |
|
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
|
| CVE-2026-57323 |
|
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
|
| CVE-2026-57622 |
|
Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.
Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.
|
| CVE-2026-57324 |
|
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
|
| CVE-2026-56773 |
|
Vulnerability in CVE-2026-56773 (CVE-2026-56773)
vulnerability in CVE-2026-56773 (CVE-2026-56773). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v2/tables/get`.
|
| CVE-2026-56038 |
|
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
|
| CVE-2026-56063 |
|
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
|
| CVE-2026-56061 |
|
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
|
| CVE-2026-56025 |
|
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
|
| CVE-2026-54840 |
|
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.
|
| CVE-2026-54847 |
|
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
|
| CVE-2026-54837 |
|
Vulnerability in CVE-2026-54837 (CVE-2026-54837)
vulnerability in CVE-2026-54837 (CVE-2026-54837). Confidential information can be exposed externally.
|
| CVE-2026-54835 |
|
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
|
| CVE-2026-54846 |
|
Vulnerability in CVE-2026-54846 (CVE-2026-54846)
vulnerability in CVE-2026-54846 (CVE-2026-54846). Confidential information can be exposed externally.
|
| CVE-2026-52701 |
|
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
|
| CVE-2026-54832 |
|
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
|
| CVE-2026-24547 |
|
Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.
Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.
|
| CVE-2025-64636 |
|
Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.
Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.
|
| CVE-2025-63041 |
|
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
|
| CVE-2025-63079 |
|
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
|
| CVE-2025-63078 |
|
Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.
Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.
|
| CVE-2026-57923 |
|
Vulnerability in jetbrains (CVE-2026-57923)
vulnerability in jetbrains (CVE-2026-57923). Data can be tampered with by attackers.
|
| CVE-2026-57921 |
|
Vulnerability in jetbrains (CVE-2026-57921)
vulnerability in jetbrains (CVE-2026-57921). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57922 |
|
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
|
| CVE-2026-57925 |
|
Vulnerability in jetbrains (CVE-2026-57925)
vulnerability in jetbrains (CVE-2026-57925). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1869 |
|
Vulnerability in wordpress (CVE-2026-1869)
vulnerability in wordpress (CVE-2026-1869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57520 |
|
Vulnerability in privilege-escalation (CVE-2026-57520)
vulnerability in privilege-escalation (CVE-2026-57520). Data can be tampered with by attackers.
|
| CVE-2026-2299 |
|
Vulnerability in CVE-2026-2299 (CVE-2026-2299)
vulnerability in CVE-2026-2299 (CVE-2026-2299). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57521 |
|
Vulnerability in bitwarden (CVE-2026-57521)
vulnerability in bitwarden (CVE-2026-57521). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56768 |
|
Vulnerability in CVE-2026-56768 (CVE-2026-56768)
vulnerability in CVE-2026-56768 (CVE-2026-56768). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v2.1/share-link-zip-task/`.
|
| CVE-2026-56767 |
|
Vulnerability in CVE-2026-56767 (CVE-2026-56767)
vulnerability in CVE-2026-56767 (CVE-2026-56767). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48941 |
|
Vulnerability in joomlaworks (CVE-2026-48941)
vulnerability in joomlaworks (CVE-2026-48941). Risk of unauthorized operations or information disclosure. Exploitable via ``item.checkin``.
|
| CVE-2026-54027 |
|
Vulnerability in librechat (CVE-2026-54027)
vulnerability in librechat (CVE-2026-54027). Data can be tampered with by attackers. Exploitable via `POST /api/files/images`. Mitigation: upgrade to `0.8.4-rc1` or later.
|