Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53606 |
|
Cross-Site Scripting (XSS) in CVE-2026-53606 (CVE-2026-53606)
cross-site scripting in CVE-2026-53606 (CVE-2026-53606). Risk of unauthorized operations or information disclosure. Exploitable via ``allowedSchemesAppliedToAttributes``.
|
| CVE-2026-53607 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
SSRF in ssrf (CVE-2026-53607). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``.
|
| CVE-2026-45775 |
|
Path Traversal in path-traversal (CVE-2026-45775)
path traversal in path-traversal (CVE-2026-45775). Confidential information can be exposed externally.
|
| CVE-2026-4870 |
|
Vulnerability in dos (CVE-2026-4870)
vulnerability in dos (CVE-2026-4870). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45014 |
|
Cross-Site Scripting (XSS) in CVE-2026-45014 (CVE-2026-45014)
cross-site scripting in CVE-2026-45014 (CVE-2026-45014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44311 |
|
Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
|
| CVE-2026-54358 |
|
Authorization Flaw in privilege-escalation (CVE-2026-54358)
vulnerability in privilege-escalation (CVE-2026-54358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54055 |
|
Vulnerability in privilege-escalation (CVE-2026-54055)
vulnerability in privilege-escalation (CVE-2026-54055). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
|
| CVE-2026-50552 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50552)
SSRF in ssrf (CVE-2026-50552). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/radio/stations`.
|
| CVE-2026-43872 |
|
Path Traversal in path-traversal (CVE-2026-43872)
path traversal in path-traversal (CVE-2026-43872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53724 |
|
Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
|
| CVE-2026-48558 KEV |
|
[KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6961 |
|
Path Traversal in path-traversal (CVE-2026-6961)
path traversal in path-traversal (CVE-2026-6961). Data can be tampered with by attackers.
|
| CVE-2026-3840 |
|
Path Traversal in path-traversal (CVE-2026-3840)
path traversal in path-traversal (CVE-2026-3840). Confidential information can be exposed externally.
|
| CVE-2025-58175 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
|
| CVE-2026-47222 |
|
Out-of-Bounds Read in dos (CVE-2026-47222)
vulnerability in dos (CVE-2026-47222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5792 |
|
Vulnerability in CVE-2026-5792 (CVE-2026-5792)
vulnerability in CVE-2026-5792 (CVE-2026-5792). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53568 |
|
Cross-Site Scripting (XSS) in CVE-2026-53568 (CVE-2026-53568)
cross-site scripting in CVE-2026-53568 (CVE-2026-53568). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50009 |
|
Information Disclosure in io.netty:netty-codec-classes-quic (CVE-2026-50009)
vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-50009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6853 |
|
Vulnerability in CVE-2026-6853 (CVE-2026-6853)
vulnerability in CVE-2026-6853 (CVE-2026-6853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53722 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-47739 |
|
Cross-Site Scripting (XSS) in CVE-2026-47739 (CVE-2026-47739)
cross-site scripting in CVE-2026-47739 (CVE-2026-47739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44205 |
|
Cross-Site Scripting (XSS) in CVE-2026-44205 (CVE-2026-44205)
cross-site scripting in CVE-2026-44205 (CVE-2026-44205). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41581 |
|
SQL Injection in sqli (CVE-2026-41581)
SQL injection in sqli (CVE-2026-41581). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50632 |
|
Vulnerability in apache (CVE-2026-50632)
vulnerability in apache (CVE-2026-50632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50645 |
|
Vulnerability in apache (CVE-2026-50645)
vulnerability in apache (CVE-2026-50645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48914 |
|
Vulnerability in c (CVE-2026-48914)
vulnerability in c (CVE-2026-48914). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50623 |
|
Authentication Bypass in apache (CVE-2026-50623)
authentication bypass in apache (CVE-2026-50623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11847 |
|
Path Traversal in path-traversal (CVE-2026-11847)
path traversal in path-traversal (CVE-2026-11847). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9269 |
|
Vulnerability in wordpress (CVE-2026-9269)
vulnerability in wordpress (CVE-2026-9269). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45169 |
|
Vulnerability in dos (CVE-2026-45169)
vulnerability in dos (CVE-2026-45169). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48613 |
|
SQL Injection in sqli (CVE-2026-48613)
SQL injection in sqli (CVE-2026-48613). Confidential information can be exposed externally.
|
| CVE-2026-47368 |
|
Path Traversal in path-traversal (CVE-2026-47368)
path traversal in path-traversal (CVE-2026-47368). Confidential information can be exposed externally.
|
| CVE-2026-47366 |
|
Vulnerability in privilege-escalation (CVE-2026-47366)
vulnerability in privilege-escalation (CVE-2026-47366). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7737 |
|
Vulnerability in jvn (CVE-2025-7737)
vulnerability in jvn (CVE-2025-7737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9125 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
cross-site scripting in wordpress (CVE-2026-9125). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11933 |
|
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
|
| CVE-2026-45418 |
|
SQL Injection in sqli (CVE-2026-45418)
SQL injection in sqli (CVE-2026-45418). Successful exploitation can lead to full system takeover. Exploitable via `POST /actions/subtitle_edit.php`.
|
| CVE-2026-45060 |
|
SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49060 |
|
Vulnerability in privilege-escalation (CVE-2026-49060)
vulnerability in privilege-escalation (CVE-2026-49060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42653 |
|
Cross-Site Scripting (XSS) in CVE-2026-42653 (CVE-2026-42653)
cross-site scripting in CVE-2026-42653 (CVE-2026-42653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42647 |
|
SQL Injection in sqli (CVE-2026-42647)
SQL injection in sqli (CVE-2026-42647). Confidential information can be exposed externally.
|
| CVE-2026-39494 |
|
SQL Injection in sqli (CVE-2026-39494)
SQL injection in sqli (CVE-2026-39494). Confidential information can be exposed externally.
|
| CVE-2026-12018 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12018)
vulnerability in privilege-escalation (CVE-2026-12018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53814 |
|
Information Disclosure in openclaw (CVE-2026-53814)
vulnerability in openclaw (CVE-2026-53814). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.20` or later.
|
| CVE-2026-53811 |
|
Vulnerability in openclaw (CVE-2026-53811)
vulnerability in openclaw (CVE-2026-53811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.7` or later.
|
| CVE-2026-53813 |
|
Vulnerability in openclaw (CVE-2026-53813)
vulnerability in openclaw (CVE-2026-53813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-48109 |
|
Vulnerability in MessagePack (CVE-2026-48109)
vulnerability in MessagePack (CVE-2026-48109). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2025-27511 |
|
Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.27.0` or later.
|