Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13150 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13150)
SSRF in ssrf (CVE-2026-13150). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/reports/{id}/pdf`.
|
| CVE-2026-52943 |
|
Use-After-Free in privilege-escalation (CVE-2026-52943)
vulnerability in privilege-escalation (CVE-2026-52943). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56052 |
|
SQL Injection in sqli (CVE-2026-56052)
SQL injection in sqli (CVE-2026-56052). Confidential information can be exposed externally.
|
| CVE-2026-52914 |
|
Out-of-Bounds Write in dos (CVE-2026-52914)
out-of-bounds write in dos (CVE-2026-52914). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9643 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
cross-site scripting in wordpress (CVE-2026-9643). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_wpms_links.link_url``.
|
| CVE-2026-9179 |
|
SQL Injection in wordpress (CVE-2026-9179)
SQL injection in wordpress (CVE-2026-9179). Confidential information can be exposed externally.
|
| CVE-2026-9620 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9620)
cross-site scripting in wordpress (CVE-2026-9620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8705 |
|
SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
|
| CVE-2026-8628 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8628)
cross-site scripting in wordpress (CVE-2026-8628). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8865 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8865)
cross-site scripting in wordpress (CVE-2026-8865). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8896 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8896)
cross-site scripting in wordpress (CVE-2026-8896). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6292 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6292)
vulnerability in wordpress (CVE-2026-6292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8622 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8622)
cross-site scripting in wordpress (CVE-2026-8622). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4297 |
|
Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12417 |
|
Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
|
| CVE-2026-10091 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10092 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10531 |
|
Vulnerability in wordpress (CVE-2026-10531)
vulnerability in wordpress (CVE-2026-10531). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12488 |
|
Vulnerability in dos (CVE-2026-12488)
vulnerability in dos (CVE-2026-12488). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-11614 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11614)
cross-site scripting in wordpress (CVE-2026-11614). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54639 |
|
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
|
| CVE-2026-56785 |
|
Cross-Site Scripting (XSS) in CVE-2026-56785 (CVE-2026-56785)
cross-site scripting in CVE-2026-56785 (CVE-2026-56785). Confidential information can be exposed externally.
|
| CVE-2026-12163 |
|
Cross-Site Scripting (XSS) in fortra (CVE-2026-12163)
cross-site scripting in fortra (CVE-2026-12163). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-54514 |
|
SSRF (Server-Side Request Forgery) in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514)
SSRF in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514). Risk of unauthorized operations or information disclosure. Exploitable via ``JDKFromStringDeserializer``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-54516 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516). Risk of unauthorized operations or information disclosure. Exploitable via ``MapperFeature.INFER_PROPERTY_MUTATORS``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-41862 |
|
Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
vulnerability in CVE-2026-41862 (CVE-2026-41862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12112 |
|
Authentication Bypass in privilege-escalation (CVE-2026-12112)
authentication bypass in privilege-escalation (CVE-2026-12112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55736 |
|
Vulnerability in privilege-escalation (CVE-2026-55736)
vulnerability in privilege-escalation (CVE-2026-55736). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55488 |
|
Path Traversal in motioneye (CVE-2026-55488)
path traversal in motioneye (CVE-2026-55488). Risk of unauthorized operations or information disclosure. Exploitable via `GET /movie/`. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-50221 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61024 |
|
SQL Injection in dos (CVE-2025-61024)
SQL injection in dos (CVE-2025-61024). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61029 |
|
SQL Injection in dos (CVE-2025-61029)
SQL injection in dos (CVE-2025-61029). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71382 |
|
Vulnerability in c (CVE-2025-71382)
vulnerability in c (CVE-2025-71382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53662 |
|
Cross-Site Scripting (XSS) in CVE-2026-53662 (CVE-2026-53662)
cross-site scripting in CVE-2026-53662 (CVE-2026-53662). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54350 |
|
SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
|
| CVE-2026-52816 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56116 |
|
Vulnerability in dos (CVE-2026-56116)
vulnerability in dos (CVE-2026-56116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44960 |
|
Cross-Site Scripting (XSS) in CVE-2026-44960 (CVE-2026-44960)
cross-site scripting in CVE-2026-44960 (CVE-2026-44960). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44961 |
|
Authentication Bypass in CVE-2026-44961 (CVE-2026-44961)
authentication bypass in CVE-2026-44961 (CVE-2026-44961). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44956 |
|
Cross-Site Scripting (XSS) in CVE-2026-44956 (CVE-2026-44956)
cross-site scripting in CVE-2026-44956 (CVE-2026-44956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34914 |
|
SQL Injection in sqli (CVE-2026-34914)
SQL injection in sqli (CVE-2026-34914). Data can be tampered with by attackers.
|
| CVE-2026-34915 |
|
Cross-Site Scripting (XSS) in sqli (CVE-2026-34915)
cross-site scripting in sqli (CVE-2026-34915). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61020 |
|
SQL Injection in dos (CVE-2025-61020)
SQL injection in dos (CVE-2025-61020). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61021 |
|
SQL Injection in dos (CVE-2025-61021)
SQL injection in dos (CVE-2025-61021). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61022 |
|
SQL Injection in dos (CVE-2025-61022)
SQL injection in dos (CVE-2025-61022). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61023 |
|
SQL Injection in dos (CVE-2025-61023)
SQL injection in dos (CVE-2025-61023). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61025 |
|
SQL Injection in dos (CVE-2025-61025)
SQL injection in dos (CVE-2025-61025). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61027 |
|
SQL Injection in dos (CVE-2025-61027)
SQL injection in dos (CVE-2025-61027). Risk of unauthorized operations or information disclosure.
|