Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53474 |
|
SQL Injection in sqli (CVE-2026-53474)
SQL injection in sqli (CVE-2026-53474). Confidential information can be exposed externally.
|
| CVE-2026-45556 |
|
Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-53441 |
|
Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
cross-site scripting in org.jenkins-ci.main:jenkins-core (CVE-2026-53441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.568` or later.
|
| CVE-2026-52758 |
|
SQL Injection in sqli (CVE-2026-52758)
SQL injection in sqli (CVE-2026-52758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52759 |
|
Vulnerability in dos (CVE-2026-52759)
vulnerability in dos (CVE-2026-52759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52751 |
|
Unsafe Deserialization in deserialization (CVE-2026-52751)
vulnerability in deserialization (CVE-2026-52751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52754 |
|
Vulnerability in nsa (CVE-2026-52754)
vulnerability in nsa (CVE-2026-52754). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52756 |
|
Path Traversal in path-traversal (CVE-2026-52756)
path traversal in path-traversal (CVE-2026-52756). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52755 |
|
Path Traversal in path-traversal (CVE-2026-52755)
path traversal in path-traversal (CVE-2026-52755). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52752 |
|
Path Traversal in path-traversal (CVE-2026-52752)
path traversal in path-traversal (CVE-2026-52752). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49069 |
|
Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
cross-site scripting in CVE-2026-49069 (CVE-2026-49069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49497 |
|
Path Traversal in path-traversal (CVE-2026-49497)
path traversal in path-traversal (CVE-2026-49497). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49498 |
|
SQL Injection in sqli (CVE-2026-49498)
SQL injection in sqli (CVE-2026-49498). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71329 |
|
Vulnerability in dos (CVE-2025-71329)
vulnerability in dos (CVE-2025-71329). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71330 |
|
Vulnerability in dos (CVE-2025-71330)
vulnerability in dos (CVE-2025-71330). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58350 |
|
Vulnerability in dos (CVE-2024-58350)
vulnerability in dos (CVE-2024-58350). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24067 |
|
Vulnerability in privilege-escalation (CVE-2026-24067)
vulnerability in privilege-escalation (CVE-2026-24067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24066 |
|
Vulnerability in privilege-escalation (CVE-2026-24066)
vulnerability in privilege-escalation (CVE-2026-24066). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11859 |
|
Vulnerability in CVE-2026-11859 (CVE-2026-11859)
vulnerability in CVE-2026-11859 (CVE-2026-11859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3018 |
|
SQL Injection in wordpress (CVE-2026-3018)
SQL injection in wordpress (CVE-2026-3018). Confidential information can be exposed externally.
|
| CVE-2025-6254 |
|
Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9019 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
cross-site scripting in wordpress (CVE-2026-9019). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8853 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
cross-site scripting in wordpress (CVE-2026-8853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
cross-site scripting in wordpress (CVE-2026-8613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9060 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
cross-site scripting in wordpress (CVE-2026-9060). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
|
| CVE-2026-3326 |
|
SQL Injection in wordpress (CVE-2026-3326)
SQL injection in wordpress (CVE-2026-3326). Confidential information can be exposed externally.
|
| CVE-2026-29115 |
|
Vulnerability in dos (CVE-2026-29115)
vulnerability in dos (CVE-2026-29115). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29116 |
|
Vulnerability in dos (CVE-2026-29116)
vulnerability in dos (CVE-2026-29116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11815 |
|
Unsafe Deserialization in CVE-2026-11815 (CVE-2026-11815)
vulnerability in CVE-2026-11815 (CVE-2026-11815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11837 |
|
Vulnerability in privilege-escalation (CVE-2026-11837)
vulnerability in privilege-escalation (CVE-2026-11837). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8444 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
cross-site scripting in wordpress (CVE-2025-8444). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24717 |
|
Path Traversal in path-traversal (CVE-2026-24717)
path traversal in path-traversal (CVE-2026-24717). Confidential information can be exposed externally.
|
| CVE-2026-22899 |
|
Vulnerability in dos (CVE-2026-22899)
vulnerability in dos (CVE-2026-22899). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24716 |
|
Vulnerability in dos (CVE-2026-24716)
vulnerability in dos (CVE-2026-24716). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66281 |
|
Vulnerability in dos (CVE-2025-66281)
vulnerability in dos (CVE-2025-66281). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62851 |
|
Path Traversal in path-traversal (CVE-2025-62851)
path traversal in path-traversal (CVE-2025-62851). Confidential information can be exposed externally.
|
| CVE-2025-62850 |
|
Vulnerability in dos (CVE-2025-62850)
vulnerability in dos (CVE-2025-62850). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58468 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-58468)
vulnerability in csrf (CVE-2025-58468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45541 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pat...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request...
|
| CVE-2026-53674 |
|
Vulnerability in dos (CVE-2026-53674)
vulnerability in dos (CVE-2026-53674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41721 |
|
Vulnerability in dos (CVE-2026-41721)
vulnerability in dos (CVE-2026-41721). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41731 |
|
Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40988 |
|
Vulnerability in dos (CVE-2026-40988)
vulnerability in dos (CVE-2026-40988). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41711 |
|
Vulnerability in dos (CVE-2026-41711)
vulnerability in dos (CVE-2026-41711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9743 |
|
Vulnerability in dos (CVE-2026-9743)
vulnerability in dos (CVE-2026-9743). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44963 |
|
Unsafe Deserialization in CVE-2026-44963 (CVE-2026-44963)
vulnerability in CVE-2026-44963 (CVE-2026-44963). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46518 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-46518)
cross-site scripting in csrf (CVE-2026-46518). Confidential information can be exposed externally.
|
| CVE-2026-41695 |
|
Vulnerability in dos (CVE-2026-41695)
vulnerability in dos (CVE-2026-41695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34417 |
|
Cross-Site Scripting (XSS) in CVE-2026-34417 (CVE-2026-34417)
cross-site scripting in CVE-2026-34417 (CVE-2026-34417). Risk of unauthorized operations or information disclosure.
|