Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Cross-site Scripting (XSS)CVE-2026-29177
Affects craftcms/commerce | Versions >=4.0.0-beta.1, <4.10.2>=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Authorization Bypass Through User-Controlled KeyCVE-2026-31867
Affects craftcms/commerce | Versions >=4.0.0-beta.1, <4.11.0>=5.0.0, <5.6.0
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-29176
Affects craftcms/commerce | Versions >=5.0.0-beta.1, <5.5.3
Has fix
ComposerPublished 11 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-29173
Affects craftcms/commerce | Versions >=5.0.0-beta.1, <5.5.3>=4.0.0-beta.1, <4.10.2
Has fix
ComposerPublished 11 Mar 2026
  • H
Incorrect Authorization
Affects ec-cube/ec-cube | Versions >=4.1-beta3, <4.3.1-p1
Has fix
ComposerPublished 10 Mar 2026
  • M
Cross-site Scripting (XSS)
Affects leantime/leantime | Versions <3.3.0
Has fix
ComposerPublished 10 Mar 2026
  • H
Missing AuthorizationCVE-2026-28685
Affects kimai/kimai | Versions <2.51.0
Has fix
ComposerPublished 10 Mar 2026
  • H
Authorization Bypass Through User-Controlled KeyCVE-2026-29069
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.2>=5.0.0-RC1, <5.9.0-beta.2
Has fix
ComposerPublished 10 Mar 2026
  • H
Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-28781
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.2
Has fix
ComposerPublished 10 Mar 2026
  • H
Authorization Bypass Through User-Controlled KeyCVE-2026-28782
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • H
Template InjectionCVE-2026-28783
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • H
Template InjectionCVE-2026-28784
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • H
Template InjectionCVE-2026-28695
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.8.7, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • M
Template InjectionCVE-2026-28697
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • M
Missing AuthorizationCVE-2026-28696
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • M
Cross-site Scripting (XSS)
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.0-beta.1>=5.0.0-RC1, <5.9.0-beta.1
Has fix
ComposerPublished 10 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-24415
Affects devcode-it/openstamanager | Versions <2.10.1
Has fix
ComposerPublished 9 Mar 2026
  • C
Missing Authentication for Critical FunctionCVE-2026-27012
Affects devcode-it/openstamanager | Versions <2.10.1
Has fix
ComposerPublished 9 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-30838
Affects league/commonmark | Versions <2.8.1
Has fix
ComposerPublished 9 Mar 2026
  • H
Deserialization of Untrusted DataCVE-2026-3452
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-3242
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • M
Cross-site Request Forgery (CSRF)CVE-2026-2994
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-3244
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-3241
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • M
Cross-site Scripting (XSS)CVE-2026-3240
Affects concrete5/core | Versions <9.4.8
Has fix
ComposerPublished 6 Mar 2026
  • H
Comparing instead of AssigningCVE-2026-26279
Affects froxlor/froxlor | Versions <2.3.4
Has fix
ComposerPublished 3 Mar 2026
  • C
SQL InjectionCVE-2026-28501
Affects wwbn/avideo | Versions <24.0
Has fix
ComposerPublished 3 Mar 2026
  • H
Arbitrary File UploadCVE-2026-28502
Affects wwbn/avideo | Versions <24.0
Has fix
ComposerPublished 3 Mar 2026
  • H
Command InjectionCVE-2026-28507
Affects idno/known | Versions <1.6.4
Has fix
ComposerPublished 3 Mar 2026
  • C
Server-side Request Forgery (SSRF)CVE-2026-28508
Affects idno/known | Versions >=0.0.0, <1.6.4
Has fix
ComposerPublished 3 Mar 2026