Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11783 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11783)
cross-site scripting in wordpress (CVE-2026-11783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12399 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12399)
cross-site scripting in wordpress (CVE-2026-12399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13295 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13295)
cross-site scripting in wordpress (CVE-2026-13295). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9242 |
|
Vulnerability in wordpress (CVE-2026-9242)
vulnerability in wordpress (CVE-2026-9242). Risk of unauthorized operations or information disclosure. Exploitable via ``callback``.
|
| CVE-2026-49417 |
|
Use-After-Free in dos (CVE-2026-49417)
vulnerability in dos (CVE-2026-49417). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45258 |
|
Out-of-Bounds Read in dos (CVE-2026-45258)
vulnerability in dos (CVE-2026-45258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13245 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13245)
cross-site scripting in wordpress (CVE-2026-13245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9677 |
|
Vulnerability in wordpress (CVE-2026-9677)
vulnerability in wordpress (CVE-2026-9677). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12415 |
|
Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13331 |
|
SQL Injection in wordpress (CVE-2026-13331)
SQL injection in wordpress (CVE-2026-13331). Confidential information can be exposed externally.
|
| CVE-2026-13333 |
|
SQL Injection in wordpress (CVE-2026-13333)
SQL injection in wordpress (CVE-2026-13333). Confidential information can be exposed externally.
|
| CVE-2026-11356 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11356)
cross-site scripting in wordpress (CVE-2026-11356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13335 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13335)
cross-site scripting in wordpress (CVE-2026-13335). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50766 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50766)
cross-site scripting in koha (CVE-2026-50766). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50767 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50767)
cross-site scripting in koha (CVE-2026-50767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50765 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50765)
cross-site scripting in koha (CVE-2026-50765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36478 |
|
Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36907 |
|
Vulnerability in dos (CVE-2026-36907)
vulnerability in dos (CVE-2026-36907). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36908 |
|
Vulnerability in dos (CVE-2026-36908)
vulnerability in dos (CVE-2026-36908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50016 |
|
Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-55069 |
|
Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-38639 |
|
Vulnerability in dos (CVE-2026-38639)
vulnerability in dos (CVE-2026-38639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38641 |
|
Vulnerability in dos (CVE-2026-38641)
vulnerability in dos (CVE-2026-38641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29509 |
|
Path Traversal in path-traversal (CVE-2026-29509)
path traversal in path-traversal (CVE-2026-29509). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32833 |
|
OS Command Injection in CVE-2026-32833 (CVE-2026-32833)
OS command injection in CVE-2026-32833 (CVE-2026-32833). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52884 |
|
Vulnerability in cpp (CVE-2026-52884)
vulnerability in cpp (CVE-2026-52884). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.2` or later.
|
| CVE-2026-46710 |
|
Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
|
| CVE-2026-52785 |
|
SQL Injection in sqli (CVE-2026-52785)
SQL injection in sqli (CVE-2026-52785). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-52780 |
|
Vulnerability in CVE-2026-52780 (CVE-2026-52780)
vulnerability in CVE-2026-52780 (CVE-2026-52780). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-52784 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-52784)
vulnerability in csrf (CVE-2026-52784). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-49991 |
|
Path Traversal in path-traversal (CVE-2026-49991)
path traversal in path-traversal (CVE-2026-49991). Data can be tampered with by attackers.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48090 |
|
Use-After-Free in dos (CVE-2026-48090)
vulnerability in dos (CVE-2026-48090). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.37.5` or later.
|
| CVE-2026-57518 |
|
Vulnerability in privilege-escalation (CVE-2026-57518)
vulnerability in privilege-escalation (CVE-2026-57518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0685 |
|
Vulnerability in CVE-2026-0685 (CVE-2026-0685)
vulnerability in CVE-2026-0685 (CVE-2026-0685). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48706 |
|
Vulnerability in envoyproxy (CVE-2026-48706)
vulnerability in envoyproxy (CVE-2026-48706). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-54341 |
|
Out-of-Bounds Read in dos (CVE-2026-54341)
vulnerability in dos (CVE-2026-54341). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.39.0` or later.
|
| CVE-2026-47221 |
|
Vulnerability in dos (CVE-2026-47221)
vulnerability in dos (CVE-2026-47221). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-48044 |
|
Vulnerability in dos (CVE-2026-48044)
vulnerability in dos (CVE-2026-48044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-56663 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56663)
SSRF in ssrf (CVE-2026-56663). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.6.52` or later.
|
| CVE-2026-28385 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-28385)
SSRF in ssrf (CVE-2026-28385). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-32394 |
|
Vulnerability in dos (CVE-2025-32394)
vulnerability in dos (CVE-2025-32394). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
|
| CVE-2025-32423 |
|
Vulnerability in dos (CVE-2025-32423)
vulnerability in dos (CVE-2025-32423). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.32` or later.
|
| CVE-2026-44160 |
|
Vulnerability in fluentd (CVE-2026-44160)
vulnerability in fluentd (CVE-2026-44160). Risk of unauthorized operations or information disclosure. Exploitable via ``in_http``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-44024 |
|
Path Traversal in fluentd (CVE-2026-44024)
path traversal in fluentd (CVE-2026-44024). Risk of unauthorized operations or information disclosure. Exploitable via ``path``. Mitigation: upgrade to `1.19.3` or later.
|
| CVE-2026-9640 |
|
Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9639 |
|
Vulnerability in dos (CVE-2026-9639)
vulnerability in dos (CVE-2026-9639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57642 |
|
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Contributor SQL Injection in Gallery <= 4.7.8 versions.
|
| CVE-2026-57643 |
|
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
|