Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-288 Clear
ID Title
CVE-2026-57867 Vulnerability in CVE-2026-57867 (CVE-2026-57867)
vulnerability in CVE-2026-57867 (CVE-2026-57867). Risk of unauthorized operations or information disclosure.
CVE-2026-5268 Vulnerability in CVE-2026-5268 (CVE-2026-5268)
vulnerability in CVE-2026-5268 (CVE-2026-5268). Confidential information can be exposed externally.
CVE-2025-13475 Vulnerability in CVE-2025-13475 (CVE-2025-13475)
vulnerability in CVE-2025-13475 (CVE-2025-13475). Risk of unauthorized operations or information disclosure.
CVE-2026-58517 Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
CVE-2026-12579 AS228T with Authentication Bypass Vulnerability
AS228T with Authentication Bypass Vulnerability
CVE-2026-20459 Vulnerability in dos (CVE-2026-20459)
vulnerability in dos (CVE-2026-20459). Risk of unauthorized operations or information disclosure.
CVE-2026-20460 Vulnerability in CVE-2026-20460 (CVE-2026-20460)
vulnerability in CVE-2026-20460 (CVE-2026-20460). Confidential information can be exposed externally.
CVE-2026-58172 Vulnerability in CVE-2026-58172 (CVE-2026-58172)
vulnerability in CVE-2026-58172 (CVE-2026-58172). Confidential information can be exposed externally.
CVE-2026-53576 Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-56029 Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
CVE-2026-55666 Authentication Bypass in CVE-2026-55666 (CVE-2026-55666)
authentication bypass in CVE-2026-55666 (CVE-2026-55666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-33543 Vulnerability in CVE-2026-33543 (CVE-2026-33543)
vulnerability in CVE-2026-33543 (CVE-2026-33543). Risk of unauthorized operations or information disclosure.
CVE-2026-56243 Vulnerability in CVE-2026-56243 (CVE-2026-56243)
vulnerability in CVE-2026-56243 (CVE-2026-56243). Confidential information can be exposed externally.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-50194 Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
CVE-2026-54817 Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
CVE-2026-54804 Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
CVE-2026-49767 Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-49071 Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-42629 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-25439 Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-53622 Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-48491 Vulnerability in Traefik (CVE-2026-48491)
vulnerability in Traefik (CVE-2026-48491). Confidential information can be exposed externally. Exploitable via ``SNICheck``. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-12225 Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-49764 Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
CVE-2026-48970 Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-42668 Vulnerability in CVE-2026-42668 (CVE-2026-42668)
vulnerability in CVE-2026-42668 (CVE-2026-42668). Confidential information can be exposed externally.
CVE-2026-42411 Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
CVE-2026-40799 Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVE-2026-42378 Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
CVE-2026-40785 Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
CVE-2026-40781 Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVE-2026-40790 Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
CVE-2026-39450 Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
CVE-2026-49062 Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
CVE-2026-48020 Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020). Confidential information can be exposed externally. Exploitable via `GET /admin`. Mitigation: upgrade to `2.11.48` or later.
CVE-2026-10523 Vulnerability in ivanti (CVE-2026-10523)
vulnerability in ivanti (CVE-2026-10523). Successful exploitation can lead to full system takeover.
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-36175 Vulnerability in CVE-2026-36175 (CVE-2026-36175)
vulnerability in CVE-2026-36175 (CVE-2026-36175). Successful exploitation can lead to full system takeover.
CVE-2026-42654 Vulnerability in CVE-2026-42654 (CVE-2026-42654)
vulnerability in CVE-2026-42654 (CVE-2026-42654). Data can be tampered with by attackers.
CVE-2026-40780 Vulnerability in CVE-2026-40780 (CVE-2026-40780)
vulnerability in CVE-2026-40780 (CVE-2026-40780). Data can be tampered with by attackers.
CVE-2026-47200 Vulnerability in nuxt (CVE-2026-47200)
vulnerability in nuxt (CVE-2026-47200). Risk of unauthorized operations or information disclosure. Exploitable via ``experimental.componentIslands``. Mitigation: upgrade to `4.4.6` or later.
CVE-2025-41273 Vulnerability in waterfall-security (CVE-2025-41273)
vulnerability in waterfall-security (CVE-2025-41273). Successful exploitation can lead to full system takeover.
CVE-2026-8697 Vulnerability in tp-link (CVE-2026-8697)
vulnerability in tp-link (CVE-2026-8697). Successful exploitation can lead to full system takeover.
CVE-2026-8990 Vulnerability in CVE-2026-8990 (CVE-2026-8990)
vulnerability in CVE-2026-8990 (CVE-2026-8990). Risk of unauthorized operations or information disclosure.
CVE-2026-35090 Vulnerability in CVE-2026-35090 (CVE-2026-35090)
vulnerability in CVE-2026-35090 (CVE-2026-35090). Risk of unauthorized operations or information disclosure.
CVE-2026-35087 Vulnerability in CVE-2026-35087 (CVE-2026-35087)
vulnerability in CVE-2026-35087 (CVE-2026-35087). Risk of unauthorized operations or information disclosure.
CVE-2026-42760 Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
CVE-2026-42749 Vulnerability in CVE-2026-42749 (CVE-2026-42749)
vulnerability in CVE-2026-42749 (CVE-2026-42749). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →