Vulnerability Database
A comprehensive hub for tracking high-impact vulnerabilities across application code and third-party libraries, for security teams and developers.
CVE-2022-50944
(8.8)
PHP Code Injection via File Upload (CWE-94) in Aero CMS Admin Post Creation
Remote Code Execution by authenticated users via malicious file upload
CVE-2021-47939
(8.8)
Code Injection (CWE-94) via Module Parameters in Evolution CMS
Remote Code Execution by Authenticated Users
CVE-2021-47936
(9.8)
Missing Authentication (CWE-306) Leading to Remote Code Execution in OpenCATS Resume Uploads
Remote Code Execution by Unauthenticated Attackers
CVE-2026-42605
(8.8)
Path Traversal File Upload (CWE-22) in AzuraCast Media Upload Endpoint
Authenticated Remote Code Execution via Arbitrary File Write
CVE-2026-42574
(7.5)
Symlink Path Traversal (CWE-22, CWE-59) in apko APK Extraction
Arbitrary File Write on Host via Build Process
CVE-2026-42569
(9.4)
Missing Authentication for Legacy Import Feature (CWE-306) in phpVMS
Privilege Escalation and Unauthorized Data Manipulation
CVE-2026-42562
(8.3)
Improper Privilege Management (CWE-269) in Plainpad User Role Update API
Privilege Escalation to Administrator
CVE-2026-42560
(9.1)
Improper Authentication Mapping (CWE-287) in Patreon OAuth Provider
Account Impersonation and Cross-Account Data Exposure
CVE-2026-42301
(7.8)
Unvalidated Input and Macro Injection (CWE-20, CWE-94) in pyp2spec RPM Spec Generation
Arbitrary Code Execution on Build Infrastructure
CVE-2026-42296
(8.1)
Authorization Bypass of TemplateReferencing Strict Mode (CWE-863) in Argo Workflows
Privilege Escalation and Security Control Bypass