Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-56393 Cross-Site Scripting (XSS) in CVE-2026-56393 (CVE-2026-56393)
cross-site scripting in CVE-2026-56393 (CVE-2026-56393). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.17.0-beta.1` or later.
CVE-2026-56394 Path Traversal in path-traversal (CVE-2026-56394)
path traversal in path-traversal (CVE-2026-56394). Confidential information can be exposed externally.
CVE-2026-56395 Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
cross-site scripting in CVE-2026-56395 (CVE-2026-56395). Successful exploitation can lead to full system takeover.
CVE-2026-56397 Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
cross-site scripting in CVE-2026-56397 (CVE-2026-56397). Successful exploitation can lead to full system takeover.
CVE-2026-56381 Cross-Site Scripting (XSS) in CVE-2026-56381 (CVE-2026-56381)
cross-site scripting in CVE-2026-56381 (CVE-2026-56381). Risk of unauthorized operations or information disclosure.
CVE-2026-56383 Cross-Site Scripting (XSS) in CVE-2026-56383 (CVE-2026-56383)
cross-site scripting in CVE-2026-56383 (CVE-2026-56383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.16.19` or later.
CVE-2026-56382 Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
CVE-2026-56299 Vulnerability in dos (CVE-2026-56299)
vulnerability in dos (CVE-2026-56299). Risk of unauthorized operations or information disclosure.
CVE-2026-56378 Out-of-Bounds Read in dos (CVE-2026-56378)
vulnerability in dos (CVE-2026-56378). Risk of unauthorized operations or information disclosure.
CVE-2026-56265 Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
CVE-2026-56239 Privilege Escalation in privilege-escalation (CVE-2026-56239)
vulnerability in privilege-escalation (CVE-2026-56239). Data can be tampered with by attackers.
CVE-2025-71348 Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
CVE-2025-71351 Vulnerability in CVE-2025-71351 (CVE-2025-71351)
vulnerability in CVE-2025-71351 (CVE-2025-71351). Risk of unauthorized operations or information disclosure.
CVE-2026-12789 Vulnerability in sqli (CVE-2026-12789)
vulnerability in sqli (CVE-2026-12789). Risk of unauthorized operations or information disclosure.
CVE-2026-12787 Vulnerability in deserialization (CVE-2026-12787)
vulnerability in deserialization (CVE-2026-12787). Risk of unauthorized operations or information disclosure.
CVE-2026-12775 Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
CVE-2026-12776 Vulnerability in sqli (CVE-2026-12776)
vulnerability in sqli (CVE-2026-12776). Risk of unauthorized operations or information disclosure.
CVE-2026-56347 Cross-Site Scripting (XSS) in CVE-2026-56347 (CVE-2026-56347)
cross-site scripting in CVE-2026-56347 (CVE-2026-56347). Risk of unauthorized operations or information disclosure.
CVE-2026-56346 Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
CVE-2025-71379 Vulnerability in dos (CVE-2025-71379)
vulnerability in dos (CVE-2025-71379). Risk of unauthorized operations or information disclosure.
CVE-2026-56340 Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
CVE-2026-5366 Code Injection in prefect (CVE-2026-5366)
code injection in prefect (CVE-2026-5366). Successful exploitation can lead to full system takeover. Exploitable via ``GitRepository``.
CVE-2026-56317 Cross-Site Scripting (XSS) in nuxt (CVE-2026-56317)
cross-site scripting in nuxt (CVE-2026-56317). Risk of unauthorized operations or information disclosure.
CVE-2026-56304 Unsafe Deserialization in dos (CVE-2026-56304)
vulnerability in dos (CVE-2026-56304). Risk of unauthorized operations or information disclosure.
CVE-2026-56294 Authentication Bypass in CVE-2026-56294 (CVE-2026-56294)
authentication bypass in CVE-2026-56294 (CVE-2026-56294). Confidential information can be exposed externally.
CVE-2025-71331 Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
CVE-2026-56228 Vulnerability in dos (CVE-2026-56228)
vulnerability in dos (CVE-2026-56228). Risk of unauthorized operations or information disclosure.
CVE-2024-58351 Code Injection in dos (CVE-2024-58351)
code injection in dos (CVE-2024-58351). Successful exploitation can lead to full system takeover.
CVE-2022-50972 Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2026-12673 Vulnerability in privilege-escalation (CVE-2026-12673)
vulnerability in privilege-escalation (CVE-2026-12673). Risk of unauthorized operations or information disclosure.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-11911 Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
CVE-2026-9843 Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-56082 Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
CVE-2026-56080 Authentication Bypass in dos (CVE-2026-56080)
authentication bypass in dos (CVE-2026-56080). Risk of unauthorized operations or information disclosure.
CVE-2026-56073 Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
CVE-2026-55877 Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-32208 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
CVE-2026-9375 Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
CVE-2026-27878 Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
CVE-2026-55660 Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
cross-site scripting in tinacms (CVE-2026-55660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-55791 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
CVE-2026-54074 Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
CVE-2026-54775 Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-48787 OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
CVE-2026-49345 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
SSRF in ssrf (CVE-2026-49345). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationController``.
CVE-2026-55778 Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
CVE-2026-54592 Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →