Browse and filter security vulnerabilities across ecosystems
CVE-2026-29093
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
CVE-2026-29069
Craft CMS has unauthenticated activation email trigger with potential user enumeration
CVE-2026-28685
Kimai's API invoice endpoint missing customer-level access control (IDOR)
CVE-2026-3242
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
CVE-2026-3240
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
CVE-2026-2994
Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2026-3241
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
CVE-2026-3452
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection
CVE-2026-3244
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
CVE-2026-28784
Craft CMS has potential authenticated Remote Code Execution via Twig SSTI
CVE-2026-28782
Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action
CVE-2026-28783
Craft CMS has Twig Function Blocklist Bypass
CVE-2026-28781
Craft CMS: Entries Authorship Spoofing via Mass Assignment
CVE-2026-28697
Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options
CVE-2026-28696
Craft CMS has IDOR via GraphQL @parseRefs
CVE-2026-28695
Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
CVE-2026-29058
WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php
CVE-2026-27012
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
CVE-2026-26279
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection