Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57867 |
|
Vulnerability in CVE-2026-57867 (CVE-2026-57867)
vulnerability in CVE-2026-57867 (CVE-2026-57867). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5268 |
|
Vulnerability in CVE-2026-5268 (CVE-2026-5268)
vulnerability in CVE-2026-5268 (CVE-2026-5268). Confidential information can be exposed externally.
|
| CVE-2025-13475 |
|
Vulnerability in CVE-2025-13475 (CVE-2025-13475)
vulnerability in CVE-2025-13475 (CVE-2025-13475). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58517 |
|
Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12579 |
|
AS228T with Authentication Bypass Vulnerability
AS228T with Authentication Bypass Vulnerability
|
| CVE-2026-20459 |
|
Vulnerability in dos (CVE-2026-20459)
vulnerability in dos (CVE-2026-20459). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20460 |
|
Vulnerability in CVE-2026-20460 (CVE-2026-20460)
vulnerability in CVE-2026-20460 (CVE-2026-20460). Confidential information can be exposed externally.
|
| CVE-2026-58172 |
|
Vulnerability in CVE-2026-58172 (CVE-2026-58172)
vulnerability in CVE-2026-58172 (CVE-2026-58172). Confidential information can be exposed externally.
|
| CVE-2026-53576 |
|
Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-56029 |
|
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
|
| CVE-2026-55666 |
|
Authentication Bypass in CVE-2026-55666 (CVE-2026-55666)
authentication bypass in CVE-2026-55666 (CVE-2026-55666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-33543 |
|
Vulnerability in CVE-2026-33543 (CVE-2026-33543)
vulnerability in CVE-2026-33543 (CVE-2026-33543). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56243 |
|
Vulnerability in CVE-2026-56243 (CVE-2026-56243)
vulnerability in CVE-2026-56243 (CVE-2026-56243). Confidential information can be exposed externally.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50194 |
|
Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-54817 |
|
Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54804 |
|
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
|
| CVE-2026-49767 |
|
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
|
| CVE-2026-49071 |
|
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
|
| CVE-2026-42629 |
|
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
|
| CVE-2026-25439 |
|
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
|
| CVE-2026-53622 |
|
Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-48491 |
|
Vulnerability in Traefik (CVE-2026-48491)
vulnerability in Traefik (CVE-2026-48491). Confidential information can be exposed externally. Exploitable via ``SNICheck``. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-12225 |
|
Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-49764 |
|
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
|
| CVE-2026-48970 |
|
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
|
| CVE-2026-42668 |
|
Vulnerability in CVE-2026-42668 (CVE-2026-42668)
vulnerability in CVE-2026-42668 (CVE-2026-42668). Confidential information can be exposed externally.
|
| CVE-2026-42411 |
|
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
|
| CVE-2026-40799 |
|
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
|
| CVE-2026-42378 |
|
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
|
| CVE-2026-40785 |
|
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
|
| CVE-2026-40781 |
|
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
|
| CVE-2026-40790 |
|
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
|
| CVE-2026-39450 |
|
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
|
| CVE-2026-49062 |
|
Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48020 |
|
Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020). Confidential information can be exposed externally. Exploitable via `GET /admin`. Mitigation: upgrade to `2.11.48` or later.
|
| CVE-2026-10523 |
|
Vulnerability in ivanti (CVE-2026-10523)
vulnerability in ivanti (CVE-2026-10523). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-36175 |
|
Vulnerability in CVE-2026-36175 (CVE-2026-36175)
vulnerability in CVE-2026-36175 (CVE-2026-36175). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42654 |
|
Vulnerability in CVE-2026-42654 (CVE-2026-42654)
vulnerability in CVE-2026-42654 (CVE-2026-42654). Data can be tampered with by attackers.
|
| CVE-2026-40780 |
|
Vulnerability in CVE-2026-40780 (CVE-2026-40780)
vulnerability in CVE-2026-40780 (CVE-2026-40780). Data can be tampered with by attackers.
|
| CVE-2026-47200 |
|
Vulnerability in nuxt (CVE-2026-47200)
vulnerability in nuxt (CVE-2026-47200). Risk of unauthorized operations or information disclosure. Exploitable via ``experimental.componentIslands``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2025-41273 |
|
Vulnerability in waterfall-security (CVE-2025-41273)
vulnerability in waterfall-security (CVE-2025-41273). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8697 |
|
Vulnerability in tp-link (CVE-2026-8697)
vulnerability in tp-link (CVE-2026-8697). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8990 |
|
Vulnerability in CVE-2026-8990 (CVE-2026-8990)
vulnerability in CVE-2026-8990 (CVE-2026-8990). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35090 |
|
Vulnerability in CVE-2026-35090 (CVE-2026-35090)
vulnerability in CVE-2026-35090 (CVE-2026-35090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35087 |
|
Vulnerability in CVE-2026-35087 (CVE-2026-35087)
vulnerability in CVE-2026-35087 (CVE-2026-35087). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42760 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
| CVE-2026-42749 |
|
Vulnerability in CVE-2026-42749 (CVE-2026-42749)
vulnerability in CVE-2026-42749 (CVE-2026-42749). Risk of unauthorized operations or information disclosure.
|