Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-13150 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13150)
SSRF in ssrf (CVE-2026-13150). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/reports/{id}/pdf`.
CVE-2026-52943 Use-After-Free in privilege-escalation (CVE-2026-52943)
vulnerability in privilege-escalation (CVE-2026-52943). Successful exploitation can lead to full system takeover.
CVE-2026-56052 SQL Injection in sqli (CVE-2026-56052)
SQL injection in sqli (CVE-2026-56052). Confidential information can be exposed externally.
CVE-2026-52914 Out-of-Bounds Write in dos (CVE-2026-52914)
out-of-bounds write in dos (CVE-2026-52914). Successful exploitation can lead to full system takeover.
CVE-2026-9643 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
cross-site scripting in wordpress (CVE-2026-9643). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_wpms_links.link_url``.
CVE-2026-9179 SQL Injection in wordpress (CVE-2026-9179)
SQL injection in wordpress (CVE-2026-9179). Confidential information can be exposed externally.
CVE-2026-9620 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9620)
cross-site scripting in wordpress (CVE-2026-9620). Risk of unauthorized operations or information disclosure.
CVE-2026-8705 SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
CVE-2026-8628 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8628)
cross-site scripting in wordpress (CVE-2026-8628). Risk of unauthorized operations or information disclosure.
CVE-2026-8865 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8865)
cross-site scripting in wordpress (CVE-2026-8865). Risk of unauthorized operations or information disclosure.
CVE-2026-8896 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8896)
cross-site scripting in wordpress (CVE-2026-8896). Risk of unauthorized operations or information disclosure.
CVE-2026-6292 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6292)
vulnerability in wordpress (CVE-2026-6292). Risk of unauthorized operations or information disclosure.
CVE-2026-8622 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8622)
cross-site scripting in wordpress (CVE-2026-8622). Risk of unauthorized operations or information disclosure.
CVE-2026-4297 Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-10091 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
CVE-2026-10092 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
CVE-2026-10531 Vulnerability in wordpress (CVE-2026-10531)
vulnerability in wordpress (CVE-2026-10531). Risk of unauthorized operations or information disclosure.
CVE-2026-12488 Vulnerability in dos (CVE-2026-12488)
vulnerability in dos (CVE-2026-12488). Risk of unauthorized operations or information disclosure.
CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
CVE-2026-11614 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11614)
cross-site scripting in wordpress (CVE-2026-11614). Risk of unauthorized operations or information disclosure.
CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
CVE-2026-56785 Cross-Site Scripting (XSS) in CVE-2026-56785 (CVE-2026-56785)
cross-site scripting in CVE-2026-56785 (CVE-2026-56785). Confidential information can be exposed externally.
CVE-2026-12163 Cross-Site Scripting (XSS) in fortra (CVE-2026-12163)
cross-site scripting in fortra (CVE-2026-12163). Risk of unauthorized operations or information disclosure.
CVE-2026-54512 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
CVE-2026-54514 SSRF (Server-Side Request Forgery) in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514)
SSRF in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514). Risk of unauthorized operations or information disclosure. Exploitable via ``JDKFromStringDeserializer``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-54516 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516). Risk of unauthorized operations or information disclosure. Exploitable via ``MapperFeature.INFER_PROPERTY_MUTATORS``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-41862 Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
vulnerability in CVE-2026-41862 (CVE-2026-41862). Successful exploitation can lead to full system takeover.
CVE-2026-12112 Authentication Bypass in privilege-escalation (CVE-2026-12112)
authentication bypass in privilege-escalation (CVE-2026-12112). Successful exploitation can lead to full system takeover.
CVE-2026-55736 Vulnerability in privilege-escalation (CVE-2026-55736)
vulnerability in privilege-escalation (CVE-2026-55736). Risk of unauthorized operations or information disclosure.
CVE-2026-55488 Path Traversal in motioneye (CVE-2026-55488)
path traversal in motioneye (CVE-2026-55488). Risk of unauthorized operations or information disclosure. Exploitable via `GET /movie/`. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-50221 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
CVE-2025-61024 SQL Injection in dos (CVE-2025-61024)
SQL injection in dos (CVE-2025-61024). Risk of unauthorized operations or information disclosure.
CVE-2025-61029 SQL Injection in dos (CVE-2025-61029)
SQL injection in dos (CVE-2025-61029). Risk of unauthorized operations or information disclosure.
CVE-2025-71382 Vulnerability in c (CVE-2025-71382)
vulnerability in c (CVE-2025-71382). Risk of unauthorized operations or information disclosure.
CVE-2026-53662 Cross-Site Scripting (XSS) in CVE-2026-53662 (CVE-2026-53662)
cross-site scripting in CVE-2026-53662 (CVE-2026-53662). Successful exploitation can lead to full system takeover.
CVE-2026-54350 SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
CVE-2026-52816 Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-56116 Vulnerability in dos (CVE-2026-56116)
vulnerability in dos (CVE-2026-56116). Risk of unauthorized operations or information disclosure.
CVE-2026-44960 Cross-Site Scripting (XSS) in CVE-2026-44960 (CVE-2026-44960)
cross-site scripting in CVE-2026-44960 (CVE-2026-44960). Risk of unauthorized operations or information disclosure.
CVE-2026-44961 Authentication Bypass in CVE-2026-44961 (CVE-2026-44961)
authentication bypass in CVE-2026-44961 (CVE-2026-44961). Risk of unauthorized operations or information disclosure.
CVE-2026-44956 Cross-Site Scripting (XSS) in CVE-2026-44956 (CVE-2026-44956)
cross-site scripting in CVE-2026-44956 (CVE-2026-44956). Risk of unauthorized operations or information disclosure.
CVE-2026-34914 SQL Injection in sqli (CVE-2026-34914)
SQL injection in sqli (CVE-2026-34914). Data can be tampered with by attackers.
CVE-2026-34915 Cross-Site Scripting (XSS) in sqli (CVE-2026-34915)
cross-site scripting in sqli (CVE-2026-34915). Risk of unauthorized operations or information disclosure.
CVE-2025-61020 SQL Injection in dos (CVE-2025-61020)
SQL injection in dos (CVE-2025-61020). Risk of unauthorized operations or information disclosure.
CVE-2025-61021 SQL Injection in dos (CVE-2025-61021)
SQL injection in dos (CVE-2025-61021). Risk of unauthorized operations or information disclosure.
CVE-2025-61022 SQL Injection in dos (CVE-2025-61022)
SQL injection in dos (CVE-2025-61022). Risk of unauthorized operations or information disclosure.
CVE-2025-61023 SQL Injection in dos (CVE-2025-61023)
SQL injection in dos (CVE-2025-61023). Risk of unauthorized operations or information disclosure.
CVE-2025-61025 SQL Injection in dos (CVE-2025-61025)
SQL injection in dos (CVE-2025-61025). Risk of unauthorized operations or information disclosure.
CVE-2025-61027 SQL Injection in dos (CVE-2025-61027)
SQL injection in dos (CVE-2025-61027). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →