Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-27128
Affects craftcms/cms | Versions >=4.5.0-RC1, <4.16.19>=5.0.0-RC1, <5.8.23
Has fix
ComposerPublished 24 Feb 2026
  • M
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-27127
Affects craftcms/cms | Versions >=3.5.0, <4.16.19>=5.0.0-RC1, <5.8.23
Has fix
ComposerPublished 24 Feb 2026
  • H
Server-side Request Forgery (SSRF)CVE-2026-27129
Affects craftcms/cms | Versions >=3.5.0, <4.16.19>=5.0.0-RC1, <5.8.23
Has fix
ComposerPublished 24 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-27126
Affects craftcms/cms | Versions <4.16.19>=5.0.0-RC1, <5.8.23
Has fix
ComposerPublished 24 Feb 2026
  • H
Incorrect Privilege AssignmentCVE-2026-27198
Affects getformwork/formwork | Versions >=2.0.0, <2.3.4
Has fix
ComposerPublished 23 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-27196
Affects statamic/cms | Versions <5.73.9>=6.0.0-alpha.1, <6.3.2
Has fix
ComposerPublished 23 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-27568
Affects wwbn/avideo | Versions <21.0
Has fix
ComposerPublished 23 Feb 2026
  • C
Deserialization of Untrusted DataCVE-2026-27206
Affects zumba/json-serializer | Versions <3.2.3
Has fix
ComposerPublished 22 Feb 2026
  • H
SQL InjectionCVE-2026-26988
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-26992
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-26989
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • M
Improper Encoding or Escaping of OutputCVE-2026-27016
Affects librenms/librenms | Versions >=24.10.0, <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • H
SQL InjectionCVE-2026-26990
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-26987
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2026-26991
Affects librenms/librenms | Versions <26.2.0
Has fix
ComposerPublished 20 Feb 2026
  • H
Authorization Bypass Through User-Controlled KeyCVE-2026-26016
Affects pterodactyl/panel | Versions <1.12.1
Has fix
ComposerPublished 19 Feb 2026
  • H
Insufficient Session Expiration
Affects pterodactyl/panel | Versions <1.12.1
Has fix
ComposerPublished 18 Feb 2026
  • C
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-26273
Affects idno/known | Versions <1.6.3
Has fix
ComposerPublished 15 Feb 2026
  • M
Missing AuthorizationCVE-2025-70866
Affects lavalite/cms | Versions >=10.1.0
Has fix
ComposerPublished 15 Feb 2026
  • M
Cross-site Scripting (XSS)CVE-2018-25157
Affects phraseanet/phraseanet | Versions <4.0.7
Has fix
ComposerPublished 15 Feb 2026
  • H
Deserialization of Untrusted Data
Affects cesargb/laravel-magiclink | Versions >=2.0.0, <2.25.1
Has fix
ComposerPublished 15 Feb 2026
  • H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CVE-2026-2469
Affects directorytree/imapengine | Versions <1.22.3
Has fix
ComposerPublished 13 Feb 2026
  • C
Cross-site Scripting (XSS)CVE-2026-25759
Affects statamic/cms | Versions >=6.0.0, <6.2.3
Has fix
ComposerPublished 12 Feb 2026
  • M
Missing AuthorizationCVE-2026-25633
Affects statamic/cms | Versions <5.73.6>=6.0.0-alpha.1, <6.2.5
Has fix
ComposerPublished 12 Feb 2026
  • H
Authorization Bypass Through User-Controlled KeyCVE-2026-25497
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.16.18>=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 12 Feb 2026
  • H
Server-side Request Forgery (SSRF)CVE-2026-25493
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.16.18>=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 12 Feb 2026
  • M
Server-side Request Forgery (SSRF)CVE-2026-25494
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.16.18>=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 12 Feb 2026
  • L
Cross-site Scripting (XSS)CVE-2026-25491
Affects craftcms/cms | Versions >=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 12 Feb 2026
  • H
SQL InjectionCVE-2026-25495
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.16.18>=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 11 Feb 2026
  • M
Server-side Request Forgery (SSRF)CVE-2026-25492
Affects craftcms/cms | Versions >=3.5.0, <4.16.18>=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 11 Feb 2026