Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56393 |
|
Cross-Site Scripting (XSS) in CVE-2026-56393 (CVE-2026-56393)
cross-site scripting in CVE-2026-56393 (CVE-2026-56393). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.17.0-beta.1` or later.
|
| CVE-2026-56394 |
|
Path Traversal in path-traversal (CVE-2026-56394)
path traversal in path-traversal (CVE-2026-56394). Confidential information can be exposed externally.
|
| CVE-2026-56395 |
|
Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
cross-site scripting in CVE-2026-56395 (CVE-2026-56395). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56397 |
|
Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
cross-site scripting in CVE-2026-56397 (CVE-2026-56397). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56381 |
|
Cross-Site Scripting (XSS) in CVE-2026-56381 (CVE-2026-56381)
cross-site scripting in CVE-2026-56381 (CVE-2026-56381). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56383 |
|
Cross-Site Scripting (XSS) in CVE-2026-56383 (CVE-2026-56383)
cross-site scripting in CVE-2026-56383 (CVE-2026-56383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.16.19` or later.
|
| CVE-2026-56382 |
|
Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56299 |
|
Vulnerability in dos (CVE-2026-56299)
vulnerability in dos (CVE-2026-56299). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56378 |
|
Out-of-Bounds Read in dos (CVE-2026-56378)
vulnerability in dos (CVE-2026-56378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56265 |
|
Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56239 |
|
Privilege Escalation in privilege-escalation (CVE-2026-56239)
vulnerability in privilege-escalation (CVE-2026-56239). Data can be tampered with by attackers.
|
| CVE-2025-71348 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
|
| CVE-2025-71351 |
|
Vulnerability in CVE-2025-71351 (CVE-2025-71351)
vulnerability in CVE-2025-71351 (CVE-2025-71351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12789 |
|
Vulnerability in sqli (CVE-2026-12789)
vulnerability in sqli (CVE-2026-12789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12787 |
|
Vulnerability in deserialization (CVE-2026-12787)
vulnerability in deserialization (CVE-2026-12787). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12775 |
|
Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12776 |
|
Vulnerability in sqli (CVE-2026-12776)
vulnerability in sqli (CVE-2026-12776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56347 |
|
Cross-Site Scripting (XSS) in CVE-2026-56347 (CVE-2026-56347)
cross-site scripting in CVE-2026-56347 (CVE-2026-56347). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56346 |
|
Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71379 |
|
Vulnerability in dos (CVE-2025-71379)
vulnerability in dos (CVE-2025-71379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56340 |
|
Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5366 |
|
Code Injection in prefect (CVE-2026-5366)
code injection in prefect (CVE-2026-5366). Successful exploitation can lead to full system takeover. Exploitable via ``GitRepository``.
|
| CVE-2026-56317 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-56317)
cross-site scripting in nuxt (CVE-2026-56317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56304 |
|
Unsafe Deserialization in dos (CVE-2026-56304)
vulnerability in dos (CVE-2026-56304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56294 |
|
Authentication Bypass in CVE-2026-56294 (CVE-2026-56294)
authentication bypass in CVE-2026-56294 (CVE-2026-56294). Confidential information can be exposed externally.
|
| CVE-2025-71331 |
|
Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56228 |
|
Vulnerability in dos (CVE-2026-56228)
vulnerability in dos (CVE-2026-56228). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58351 |
|
Code Injection in dos (CVE-2024-58351)
code injection in dos (CVE-2024-58351). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2026-12673 |
|
Vulnerability in privilege-escalation (CVE-2026-12673)
vulnerability in privilege-escalation (CVE-2026-12673). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-11551 |
|
Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56082 |
|
Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
|
| CVE-2026-56080 |
|
Authentication Bypass in dos (CVE-2026-56080)
authentication bypass in dos (CVE-2026-56080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56073 |
|
Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
|
| CVE-2026-55877 |
|
Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-32208 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9375 |
|
Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
|
| CVE-2026-27878 |
|
Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55660 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
cross-site scripting in tinacms (CVE-2026-55660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-55791 |
|
Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
|
| CVE-2026-54074 |
|
Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
|
| CVE-2026-54775 |
|
Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-48787 |
|
OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
|
| CVE-2026-49345 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
SSRF in ssrf (CVE-2026-49345). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationController``.
|
| CVE-2026-55778 |
|
Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
|
| CVE-2026-54592 |
|
Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
|