Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-11783 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11783)
cross-site scripting in wordpress (CVE-2026-11783). Risk of unauthorized operations or information disclosure.
CVE-2026-12399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12399)
cross-site scripting in wordpress (CVE-2026-12399). Risk of unauthorized operations or information disclosure.
CVE-2026-13295 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13295)
cross-site scripting in wordpress (CVE-2026-13295). Risk of unauthorized operations or information disclosure.
CVE-2026-9242 Vulnerability in wordpress (CVE-2026-9242)
vulnerability in wordpress (CVE-2026-9242). Risk of unauthorized operations or information disclosure. Exploitable via ``callback``.
CVE-2026-49417 Use-After-Free in dos (CVE-2026-49417)
vulnerability in dos (CVE-2026-49417). Successful exploitation can lead to full system takeover.
CVE-2026-45258 Out-of-Bounds Read in dos (CVE-2026-45258)
vulnerability in dos (CVE-2026-45258). Successful exploitation can lead to full system takeover.
CVE-2026-13245 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13245)
cross-site scripting in wordpress (CVE-2026-13245). Risk of unauthorized operations or information disclosure.
CVE-2026-9677 Vulnerability in wordpress (CVE-2026-9677)
vulnerability in wordpress (CVE-2026-9677). Risk of unauthorized operations or information disclosure.
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-13331 SQL Injection in wordpress (CVE-2026-13331)
SQL injection in wordpress (CVE-2026-13331). Confidential information can be exposed externally.
CVE-2026-13333 SQL Injection in wordpress (CVE-2026-13333)
SQL injection in wordpress (CVE-2026-13333). Confidential information can be exposed externally.
CVE-2026-11356 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11356)
cross-site scripting in wordpress (CVE-2026-11356). Risk of unauthorized operations or information disclosure.
CVE-2026-13335 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13335)
cross-site scripting in wordpress (CVE-2026-13335). Risk of unauthorized operations or information disclosure.
CVE-2026-50766 Cross-Site Scripting (XSS) in koha (CVE-2026-50766)
cross-site scripting in koha (CVE-2026-50766). Risk of unauthorized operations or information disclosure.
CVE-2026-50767 Cross-Site Scripting (XSS) in koha (CVE-2026-50767)
cross-site scripting in koha (CVE-2026-50767). Risk of unauthorized operations or information disclosure.
CVE-2026-50765 Cross-Site Scripting (XSS) in koha (CVE-2026-50765)
cross-site scripting in koha (CVE-2026-50765). Risk of unauthorized operations or information disclosure.
CVE-2026-36478 Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
CVE-2026-36907 Vulnerability in dos (CVE-2026-36907)
vulnerability in dos (CVE-2026-36907). Risk of unauthorized operations or information disclosure.
CVE-2026-36908 Vulnerability in dos (CVE-2026-36908)
vulnerability in dos (CVE-2026-36908). Risk of unauthorized operations or information disclosure.
CVE-2026-50016 Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-55069 Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-38639 Vulnerability in dos (CVE-2026-38639)
vulnerability in dos (CVE-2026-38639). Risk of unauthorized operations or information disclosure.
CVE-2026-38641 Vulnerability in dos (CVE-2026-38641)
vulnerability in dos (CVE-2026-38641). Risk of unauthorized operations or information disclosure.
CVE-2026-29509 Path Traversal in path-traversal (CVE-2026-29509)
path traversal in path-traversal (CVE-2026-29509). Risk of unauthorized operations or information disclosure.
CVE-2026-32833 OS Command Injection in CVE-2026-32833 (CVE-2026-32833)
OS command injection in CVE-2026-32833 (CVE-2026-32833). Successful exploitation can lead to full system takeover.
CVE-2026-52884 Vulnerability in cpp (CVE-2026-52884)
vulnerability in cpp (CVE-2026-52884). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.2` or later.
CVE-2026-46710 Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
CVE-2026-52785 SQL Injection in sqli (CVE-2026-52785)
SQL injection in sqli (CVE-2026-52785). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52780 Vulnerability in CVE-2026-52780 (CVE-2026-52780)
vulnerability in CVE-2026-52780 (CVE-2026-52780). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52784 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-52784)
vulnerability in csrf (CVE-2026-52784). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-49991 Path Traversal in path-traversal (CVE-2026-49991)
path traversal in path-traversal (CVE-2026-49991). Data can be tampered with by attackers.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-48090 Use-After-Free in dos (CVE-2026-48090)
vulnerability in dos (CVE-2026-48090). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.37.5` or later.
CVE-2026-57518 Vulnerability in privilege-escalation (CVE-2026-57518)
vulnerability in privilege-escalation (CVE-2026-57518). Successful exploitation can lead to full system takeover.
CVE-2026-0685 Vulnerability in CVE-2026-0685 (CVE-2026-0685)
vulnerability in CVE-2026-0685 (CVE-2026-0685). Successful exploitation can lead to full system takeover.
CVE-2026-48706 Vulnerability in envoyproxy (CVE-2026-48706)
vulnerability in envoyproxy (CVE-2026-48706). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
CVE-2026-54341 Out-of-Bounds Read in dos (CVE-2026-54341)
vulnerability in dos (CVE-2026-54341). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.39.0` or later.
CVE-2026-47221 Vulnerability in dos (CVE-2026-47221)
vulnerability in dos (CVE-2026-47221). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
CVE-2026-48044 Vulnerability in dos (CVE-2026-48044)
vulnerability in dos (CVE-2026-48044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
CVE-2026-56663 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56663)
SSRF in ssrf (CVE-2026-56663). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.6.52` or later.
CVE-2026-28385 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-28385)
SSRF in ssrf (CVE-2026-28385). Risk of unauthorized operations or information disclosure.
CVE-2025-32394 Vulnerability in dos (CVE-2025-32394)
vulnerability in dos (CVE-2025-32394). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
CVE-2025-32423 Vulnerability in dos (CVE-2025-32423)
vulnerability in dos (CVE-2025-32423). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
CVE-2026-44160 Vulnerability in fluentd (CVE-2026-44160)
vulnerability in fluentd (CVE-2026-44160). Risk of unauthorized operations or information disclosure. Exploitable via ``in_http``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-44024 Path Traversal in fluentd (CVE-2026-44024)
path traversal in fluentd (CVE-2026-44024). Risk of unauthorized operations or information disclosure. Exploitable via ``path``. Mitigation: upgrade to `1.19.3` or later.
CVE-2026-9640 Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
CVE-2026-9639 Vulnerability in dos (CVE-2026-9639)
vulnerability in dos (CVE-2026-9639). Risk of unauthorized operations or information disclosure.
CVE-2026-57642 Contributor SQL Injection in Gallery <= 4.7.8 versions.
Contributor SQL Injection in Gallery <= 4.7.8 versions.
CVE-2026-57643 Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →