Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Information ExposureCVE-2026-31888
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
  • H
Incorrect AuthorizationCVE-2026-31887
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
  • H
User ImpersonationCVE-2026-31889
Affects shopware/platform | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
  • H
User ImpersonationCVE-2026-31889
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
  • H
Unverified OwnershipCVE-2026-29788
Affects miraheze/ts-portal | Versions <30.0.0
Has fix
ComposerPublished 12 Mar 2026
  • M
Open RedirectCVE-2026-31819
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • H
Authorization Bypass Through User-Controlled KeyCVE-2026-31820
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Improper Neutralization of Special Elements in Data Query LogicCVE-2026-31825
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-31823
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • H
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-31824
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-31822
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Missing AuthorizationCVE-2026-31821
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
  • H
Incorrect Authorization
Affects grumpydictator/firefly-iii | Versions >=6.4.23, <6.5.4
Has fix
ComposerPublished 11 Mar 2026
  • H
Arbitrary Code Injection
Affects azuracast/azuracast | Versions <0.23.4
Has fix
ComposerPublished 11 Mar 2026
  • M
Authorization Bypass Through User-Controlled KeyCVE-2026-30927
Affects admidio/admidio | Versions <5.0.6
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-30913
Affects flarum/nicknames | Versions <1.8.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Origin Validation ErrorCVE-2026-30964
Affects web-auth/webauthn-lib | Versions <5.2.4
Has fix
ComposerPublished 11 Mar 2026
  • H
Directory TraversalCVE-2025-14675
Affects wpmetabox/meta-box | Versions <5.11.2
Has fix
ComposerPublished 11 Mar 2026
  • C
Arbitrary Code InjectionCVE-2026-31857
Affects craftcms/cms | Versions >=4.0.0-beta.1, <4.17.4>=5.0.0-beta.1, <5.9.9
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)
Affects craftcms/cms | Versions >=5.0.0-RC1, <5.8.22
Has fix
ComposerPublished 11 Mar 2026
  • M
Improper Encoding or Escaping of OutputCVE-2026-31859
Affects craftcms/cms | Versions >=4.15.3, <4.17.3>=5.7.5, <5.9.7
Has fix
ComposerPublished 11 Mar 2026
  • L
Cross-site Request Forgery (CSRF)CVE-2026-29113
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.3>=5.0.0-RC1, <5.9.6
Has fix
ComposerPublished 11 Mar 2026
  • M
SQL InjectionCVE-2026-31858
Affects craftcms/cms | Versions >=5.0.0-RC1, <5.9.9
Has fix
ComposerPublished 11 Mar 2026
  • H
Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2025-15602
Affects snipe/snipe-it | Versions <8.3.7
Has fix
ComposerPublished 11 Mar 2026
  • M
Missing AuthorizationCVE-2026-30885
Affects wwbn/avideo | Versions <25.0
Has fix
ComposerPublished 11 Mar 2026
  • H
SQL InjectionCVE-2026-29174
Affects craftcms/commerce | Versions >=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • H
SQL InjectionCVE-2026-29172
Affects craftcms/commerce | Versions >=4.0.0-beta.1, <4.10.2>=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • H
Cross-site Scripting (XSS)CVE-2026-29175
Affects craftcms/commerce | Versions >=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-29177
Affects craftcms/commerce | Versions >=4.0.0-beta.1, <4.10.2>=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Authorization Bypass Through User-Controlled KeyCVE-2026-31867
Affects craftcms/commerce | Versions >=4.0.0-beta.1
Has fix
ComposerPublished 11 Mar 2026