Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-56024 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-56024)
vulnerability in csrf (CVE-2026-56024). Risk of unauthorized operations or information disclosure.
CVE-2026-55204 Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
CVE-2026-38718 Vulnerability in dos (CVE-2026-38718)
vulnerability in dos (CVE-2026-38718). Risk of unauthorized operations or information disclosure.
CVE-2026-11982 Cross-Site Scripting (XSS) in CVE-2026-11982 (CVE-2026-11982)
cross-site scripting in CVE-2026-11982 (CVE-2026-11982). Risk of unauthorized operations or information disclosure.
CVE-2026-48986 Vulnerability in dos (CVE-2026-48986)
vulnerability in dos (CVE-2026-48986). Risk of unauthorized operations or information disclosure.
CVE-2026-58399 Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-55237 Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
CVE-2025-32392 Vulnerability in dos (CVE-2025-32392)
vulnerability in dos (CVE-2025-32392). Risk of unauthorized operations or information disclosure.
CVE-2025-32422 Vulnerability in dos (CVE-2025-32422)
vulnerability in dos (CVE-2025-32422). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
CVE-2025-32424 Vulnerability in dos (CVE-2025-32424)
vulnerability in dos (CVE-2025-32424). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
CVE-2025-32436 Vulnerability in dos (CVE-2025-32436)
vulnerability in dos (CVE-2025-32436). Risk of unauthorized operations or information disclosure. Exploitable via ``AddAudioToVideoBlock``.
CVE-2025-32437 Vulnerability in dos (CVE-2025-32437)
vulnerability in dos (CVE-2025-32437). Risk of unauthorized operations or information disclosure. Exploitable via ``MediaDurationBlock``.
CVE-2026-8806 Vulnerability in cisa (CVE-2026-8806)
vulnerability in cisa (CVE-2026-8806). Risk of unauthorized operations or information disclosure.
CVE-2026-11791 Use-After-Free in dos (CVE-2026-11791)
vulnerability in dos (CVE-2026-11791). Risk of unauthorized operations or information disclosure.
CVE-2026-8024 Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
CVE-2026-56012 SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
CVE-2026-8461 Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
CVE-2026-40457 Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
CVE-2026-54221 Cross-Site Scripting (XSS) in CVE-2026-54221 (CVE-2026-54221)
cross-site scripting in CVE-2026-54221 (CVE-2026-54221). Risk of unauthorized operations or information disclosure.
CVE-2026-56009 Cross-Site Scripting (XSS) in CVE-2026-56009 (CVE-2026-56009)
cross-site scripting in CVE-2026-56009 (CVE-2026-56009). Risk of unauthorized operations or information disclosure.
CVE-2026-54219 Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
CVE-2026-56007 Cross-Site Scripting (XSS) in CVE-2026-56007 (CVE-2026-56007)
cross-site scripting in CVE-2026-56007 (CVE-2026-56007). Risk of unauthorized operations or information disclosure.
CVE-2026-54220 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-54220)
vulnerability in csrf (CVE-2026-54220). Risk of unauthorized operations or information disclosure.
CVE-2026-54222 SQL Injection in sqli (CVE-2026-54222)
SQL injection in sqli (CVE-2026-54222). Risk of unauthorized operations or information disclosure.
CVE-2026-40455 SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
CVE-2026-54419 SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
CVE-2026-44942 Vulnerability in path-traversal (CVE-2026-44942)
vulnerability in path-traversal (CVE-2026-44942). Risk of unauthorized operations or information disclosure.
CVE-2026-54223 Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
CVE-2026-54224 Vulnerability in dos (CVE-2026-54224)
vulnerability in dos (CVE-2026-54224). Risk of unauthorized operations or information disclosure.
CVE-2026-8039 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8039)
cross-site scripting in wordpress (CVE-2026-8039). Risk of unauthorized operations or information disclosure.
CVE-2026-2021 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2021)
cross-site scripting in wordpress (CVE-2026-2021). Risk of unauthorized operations or information disclosure.
CVE-2026-11718 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-11717 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-44727 Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-12568 Path Traversal in bbot (CVE-2026-12568)
path traversal in bbot (CVE-2026-12568). Data can be tampered with by attackers. Exploitable via ``postman_download``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-12565 Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
CVE-2026-11958 Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
CVE-2026-55661 Cross-Site Scripting (XSS) in tinacms (CVE-2026-55661)
cross-site scripting in tinacms (CVE-2026-55661). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-55886 Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
CVE-2026-55746 Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
CVE-2026-55745 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
CVE-2026-12098 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
CVE-2026-12137 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
CVE-2026-12136 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
CVE-2026-55741 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
CVE-2026-55744 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
CVE-2026-55742 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
CVE-2026-28573 Vulnerability in dos (CVE-2026-28573)
vulnerability in dos (CVE-2026-28573). Risk of unauthorized operations or information disclosure.
CVE-2026-11358 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
CVE-2026-11402 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →