Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2017-20267 SQL Injection in sqli (CVE-2017-20267)
SQL injection in sqli (CVE-2017-20267). Confidential information can be exposed externally.
CVE-2017-20258 SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
CVE-2017-20254 SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
CVE-2017-20255 SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
CVE-2017-20252 SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
CVE-2017-20253 SQL Injection in sqli (CVE-2017-20253)
SQL injection in sqli (CVE-2017-20253). Confidential information can be exposed externally.
CVE-2026-49286 Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-49290 Path Traversal in CVE-2026-49290 (CVE-2026-49290)
path traversal in CVE-2026-49290 (CVE-2026-49290). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``.
CVE-2020-37254 Vulnerability in privilege-escalation (CVE-2020-37254)
vulnerability in privilege-escalation (CVE-2020-37254). Successful exploitation can lead to full system takeover.
CVE-2016-20090 Vulnerability in privilege-escalation (CVE-2016-20090)
vulnerability in privilege-escalation (CVE-2016-20090). Successful exploitation can lead to full system takeover.
CVE-2016-20092 Vulnerability in privilege-escalation (CVE-2016-20092)
vulnerability in privilege-escalation (CVE-2016-20092). Successful exploitation can lead to full system takeover.
CVE-2026-49871 Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
CVE-2026-49230 Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
CVE-2026-49231 Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-47341 Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
CVE-2026-48140 Vulnerability in dos (CVE-2026-48140)
vulnerability in dos (CVE-2026-48140). Risk of unauthorized operations or information disclosure.
CVE-2026-48141 Vulnerability in dos (CVE-2026-48141)
vulnerability in dos (CVE-2026-48141). Risk of unauthorized operations or information disclosure.
CVE-2026-48138 Out-of-Bounds Read in dos (CVE-2026-48138)
vulnerability in dos (CVE-2026-48138). Risk of unauthorized operations or information disclosure.
CVE-2026-48139 Vulnerability in dos (CVE-2026-48139)
vulnerability in dos (CVE-2026-48139). Risk of unauthorized operations or information disclosure.
CVE-2026-48137 Vulnerability in ni (CVE-2026-48137)
vulnerability in ni (CVE-2026-48137). Confidential information can be exposed externally.
CVE-2026-56142 Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
CVE-2026-53915 Vulnerability in jetbrains (CVE-2026-53915)
vulnerability in jetbrains (CVE-2026-53915). Risk of unauthorized operations or information disclosure.
CVE-2026-50242 Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
CVE-2026-12706 Use-After-Free in dos (CVE-2026-12706)
vulnerability in dos (CVE-2026-12706). Risk of unauthorized operations or information disclosure.
CVE-2026-11941 Use-After-Free in quiche (CVE-2026-11941)
vulnerability in quiche (CVE-2026-11941). Risk of unauthorized operations or information disclosure. Exploitable via ``quiche_connection_id_iter_next``. Mitigation: upgrade to `0.29.2` or later.
CVE-2026-8296 Cross-Site Scripting (XSS) in CVE-2026-8296 (CVE-2026-8296)
cross-site scripting in CVE-2026-8296 (CVE-2026-8296). Risk of unauthorized operations or information disclosure.
CVE-2026-56138 Path Traversal in path-traversal (CVE-2026-56138)
path traversal in path-traversal (CVE-2026-56138). Risk of unauthorized operations or information disclosure.
CVE-2026-12157 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12157)
cross-site scripting in wordpress (CVE-2026-12157). Risk of unauthorized operations or information disclosure.
CVE-2026-1856 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1856)
cross-site scripting in wordpress (CVE-2026-1856). Risk of unauthorized operations or information disclosure.
CVE-2026-12430 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12430)
cross-site scripting in wordpress (CVE-2026-12430). Risk of unauthorized operations or information disclosure.
CVE-2026-4328 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-4328)
SSRF in wordpress (CVE-2026-4328). Risk of unauthorized operations or information disclosure.
CVE-2026-7547 Path Traversal in wordpress (CVE-2026-7547)
path traversal in wordpress (CVE-2026-7547). Confidential information can be exposed externally.
CVE-2026-54414 Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
CVE-2026-8713 Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
CVE-2026-10034 Vulnerability in wordpress (CVE-2026-10034)
vulnerability in wordpress (CVE-2026-10034). Risk of unauthorized operations or information disclosure.
CVE-2026-10720 Vulnerability in github.com/canonical/microceph/microceph (CVE-2026-10720)
vulnerability in github.com/canonical/microceph/microceph (CVE-2026-10720). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.0-20260609072127-5c2760d8fb76` or later.
CVE-2026-8805 Vulnerability in dos (CVE-2026-8805)
vulnerability in dos (CVE-2026-8805). Risk of unauthorized operations or information disclosure.
CVE-2026-12048 Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
CVE-2026-12050 SQL Injection in sqli (CVE-2026-12050)
SQL injection in sqli (CVE-2026-12050). Risk of unauthorized operations or information disclosure. Exploitable via `POST /browser/server/restore_point/{gid}/{sid}`.
CVE-2026-12044 SQL Injection in sqli (CVE-2026-12044)
SQL injection in sqli (CVE-2026-12044). Successful exploitation can lead to full system takeover. Exploitable via ``qtLiteral``.
CVE-2026-56078 Path Traversal in praisonai (CVE-2026-56078)
path traversal in praisonai (CVE-2026-56078). Successful exploitation can lead to full system takeover. Exploitable via ``MultiAgentLedger``. Mitigation: upgrade to `1.5.115` or later.
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
CVE-2026-12045 Command Injection in pgadmin (CVE-2026-12045)
command injection in pgadmin (CVE-2026-12045). Successful exploitation can lead to full system takeover.
CVE-2026-22674 Cross-Site Scripting (XSS) in CVE-2026-22674 (CVE-2026-22674)
cross-site scripting in CVE-2026-22674 (CVE-2026-22674). Risk of unauthorized operations or information disclosure.
CVE-2026-47833 Vulnerability in privilege-escalation (CVE-2026-47833)
vulnerability in privilege-escalation (CVE-2026-47833). Confidential information can be exposed externally.
CVE-2026-49252 Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
CVE-2026-43994 Vulnerability in coturn-project (CVE-2026-43994)
vulnerability in coturn-project (CVE-2026-43994). Successful exploitation can lead to full system takeover.
CVE-2026-45696 Vulnerability in dos (CVE-2026-45696)
vulnerability in dos (CVE-2026-45696). Risk of unauthorized operations or information disclosure.
CVE-2026-43915 Cross-Site Scripting (XSS) in coturn-project (CVE-2026-43915)
cross-site scripting in coturn-project (CVE-2026-43915). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →