Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-48114 |
|
SQL Injection in sqli (CVE-2026-48114)
SQL injection in sqli (CVE-2026-48114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2026-38812 |
|
SQL Injection in sqli (CVE-2026-38812)
SQL injection in sqli (CVE-2026-38812). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39196 |
|
SQL Injection in sqli (CVE-2026-39196)
SQL injection in sqli (CVE-2026-39196). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39197 |
|
Vulnerability in dos (CVE-2026-39197)
vulnerability in dos (CVE-2026-39197). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41708 |
|
Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37216 |
|
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
|
| CVE-2026-36670 |
|
SQL Injection in sqli (CVE-2026-36670)
SQL injection in sqli (CVE-2026-36670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36521 |
|
Cross-Site Scripting (XSS) in CVE-2026-36521 (CVE-2026-36521)
cross-site scripting in CVE-2026-36521 (CVE-2026-36521). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36537 |
|
Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30120 |
|
Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
|
| CVE-2025-55650 |
|
Use-After-Free in c (CVE-2025-55650)
vulnerability in c (CVE-2025-55650). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55652 |
|
Vulnerability in c (CVE-2025-55652)
vulnerability in c (CVE-2025-55652). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55660 |
|
Vulnerability in c (CVE-2025-55660)
vulnerability in c (CVE-2025-55660). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55661 |
|
Vulnerability in dos (CVE-2025-55661)
vulnerability in dos (CVE-2025-55661). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55663 |
|
Vulnerability in c (CVE-2025-55663)
vulnerability in c (CVE-2025-55663). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55643 |
|
Vulnerability in c (CVE-2025-55643)
vulnerability in c (CVE-2025-55643). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55644 |
|
Use-After-Free in c (CVE-2025-55644)
vulnerability in c (CVE-2025-55644). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55645 |
|
Vulnerability in c (CVE-2025-55645)
vulnerability in c (CVE-2025-55645). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55647 |
|
Vulnerability in c (CVE-2025-55647)
vulnerability in c (CVE-2025-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55648 |
|
Vulnerability in c (CVE-2025-55648)
vulnerability in c (CVE-2025-55648). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55649 |
|
Vulnerability in c (CVE-2025-55649)
vulnerability in c (CVE-2025-55649). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55641 |
|
Vulnerability in c (CVE-2025-55641)
vulnerability in c (CVE-2025-55641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54273 |
|
Vulnerability in aiohttp (CVE-2026-54273)
vulnerability in aiohttp (CVE-2026-54273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54278 |
|
Vulnerability in aiohttp (CVE-2026-54278)
vulnerability in aiohttp (CVE-2026-54278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54277 |
|
Vulnerability in aiohttp (CVE-2026-54277)
vulnerability in aiohttp (CVE-2026-54277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-53663 |
|
Cross-Site Request Forgery (CSRF) in react-router (CVE-2026-53663)
vulnerability in react-router (CVE-2026-53663). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.1` or later.
|
| CVE-2026-49294 |
|
Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54268 |
|
Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
|
| CVE-2026-54265 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50556 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50555 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-53550 |
|
Vulnerability in js-yaml (CVE-2026-53550)
vulnerability in js-yaml (CVE-2026-53550). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.15.0` or later.
|
| CVE-2026-50171 |
|
Vulnerability in @angular/common (CVE-2026-50171)
vulnerability in @angular/common (CVE-2026-50171). Risk of unauthorized operations or information disclosure. Exploitable via ``formatNumber``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-52725 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
|
| CVE-2026-50168 |
|
Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-48779 |
|
Vulnerability in ws (CVE-2026-48779)
vulnerability in ws (CVE-2026-48779). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayload``. Mitigation: upgrade to `8.21.0` or later.
|
| CVE-2026-5038 |
|
Vulnerability in multer (CVE-2026-5038)
vulnerability in multer (CVE-2026-5038). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha.2` or later.
|
| CVE-2026-10634 |
|
Use-After-Free in c (CVE-2026-10634)
vulnerability in c (CVE-2026-10634). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15659 |
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
| CVE-2025-15658 |
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
| CVE-2026-5079 |
|
Vulnerability in multer (CVE-2026-5079)
vulnerability in multer (CVE-2026-5079). Risk of unauthorized operations or information disclosure. Exploitable via ``limits.fieldNestingDepth``. Mitigation: upgrade to `3.0.0-alpha.2` or later.
|
| CVE-2026-49111 |
|
Vulnerability in privilege-escalation (CVE-2026-49111)
vulnerability in privilege-escalation (CVE-2026-49111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49062 |
|
Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25436 |
|
Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20084 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25746 |
|
SQL Injection in wordpress (CVE-2019-25746)
SQL injection in wordpress (CVE-2019-25746). Confidential information can be exposed externally.
|
| CVE-2016-20083 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-20083)
vulnerability in wordpress (CVE-2016-20083). Risk of unauthorized operations or information disclosure.
|