Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2025-2414 Vulnerability in CVE-2025-2414 (CVE-2025-2414)
vulnerability in CVE-2025-2414 (CVE-2025-2414). Confidential information can be exposed externally.
CVE-2026-9197 Path Traversal in wordpress (CVE-2026-9197)
path traversal in wordpress (CVE-2026-9197). Confidential information can be exposed externally.
CVE-2026-8978 SQL Injection in wordpress (CVE-2026-8978)
SQL injection in wordpress (CVE-2026-8978). Confidential information can be exposed externally.
CVE-2026-9280 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9280)
cross-site scripting in wordpress (CVE-2026-9280). Risk of unauthorized operations or information disclosure.
CVE-2026-8991 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8991)
cross-site scripting in wordpress (CVE-2026-8991). Risk of unauthorized operations or information disclosure.
CVE-2026-7796 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7796)
cross-site scripting in wordpress (CVE-2026-7796). Risk of unauthorized operations or information disclosure.
CVE-2026-7795 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
cross-site scripting in wordpress (CVE-2026-7795). Risk of unauthorized operations or information disclosure.
CVE-2026-7566 Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
CVE-2026-7565 Path Traversal in wordpress (CVE-2026-7565)
path traversal in wordpress (CVE-2026-7565). Confidential information can be exposed externally.
CVE-2026-7537 Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
CVE-2026-2500 Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
CVE-2026-9281 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
CVE-2026-8901 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
CVE-2026-8900 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
CVE-2026-8893 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
CVE-2026-6448 SQL Injection in wordpress (CVE-2026-6448)
SQL injection in wordpress (CVE-2026-6448). Confidential information can be exposed externally.
CVE-2026-6240 Vulnerability in dos (CVE-2026-6240)
vulnerability in dos (CVE-2026-6240). Risk of unauthorized operations or information disclosure.
CVE-2026-6241 Vulnerability in dos (CVE-2026-6241)
vulnerability in dos (CVE-2026-6241). Risk of unauthorized operations or information disclosure.
CVE-2026-6239 Vulnerability in dos (CVE-2026-6239)
vulnerability in dos (CVE-2026-6239). Risk of unauthorized operations or information disclosure.
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
CVE-2026-11429 Path Traversal in path-traversal (CVE-2026-11429)
path traversal in path-traversal (CVE-2026-11429). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11431 Path Traversal in path-traversal (CVE-2026-11431)
path traversal in path-traversal (CVE-2026-11431). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11416 Path Traversal in path-traversal (CVE-2026-11416)
path traversal in path-traversal (CVE-2026-11416). Data can be tampered with by attackers.
CVE-2026-11424 Information Disclosure in ssrf (CVE-2026-11424)
vulnerability in ssrf (CVE-2026-11424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11423 Path Traversal in path-traversal (CVE-2026-11423)
path traversal in path-traversal (CVE-2026-11423). Risk of unauthorized operations or information disclosure.
CVE-2026-36785 Vulnerability in dos (CVE-2026-36785)
vulnerability in dos (CVE-2026-36785). Risk of unauthorized operations or information disclosure.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-46400 Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
CVE-2026-45779 SQL Injection in sqli (CVE-2026-45779)
SQL injection in sqli (CVE-2026-45779). Successful exploitation can lead to full system takeover.
CVE-2026-25624 Cross-Site Scripting (XSS) in arista (CVE-2026-25624)
cross-site scripting in arista (CVE-2026-25624). Confidential information can be exposed externally.
CVE-2026-11419 Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
CVE-2026-11420 Path Traversal in path-traversal (CVE-2026-11420)
path traversal in path-traversal (CVE-2026-11420). Successful exploitation can lead to full system takeover.
CVE-2026-11414 Path Traversal in path-traversal (CVE-2026-11414)
path traversal in path-traversal (CVE-2026-11414). Successful exploitation can lead to full system takeover.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
CVE-2026-10580 Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
CVE-2026-45746 Vulnerability in termix (CVE-2026-45746)
vulnerability in termix (CVE-2026-45746). Successful exploitation can lead to full system takeover.
CVE-2026-36500 Path Traversal in path-traversal (CVE-2026-36500)
path traversal in path-traversal (CVE-2026-36500). Confidential information can be exposed externally.
CVE-2026-36501 Vulnerability in dos (CVE-2026-36501)
vulnerability in dos (CVE-2026-36501). Risk of unauthorized operations or information disclosure.
CVE-2026-11342 Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
CVE-2026-48103 Out-of-Bounds Read in cpp (CVE-2026-48103)
vulnerability in cpp (CVE-2026-48103). Risk of unauthorized operations or information disclosure.
CVE-2026-48104 Out-of-Bounds Read in dos (CVE-2026-48104)
vulnerability in dos (CVE-2026-48104). Risk of unauthorized operations or information disclosure.
CVE-2026-48111 Out-of-Bounds Read in cpp (CVE-2026-48111)
vulnerability in cpp (CVE-2026-48111). Risk of unauthorized operations or information disclosure.
CVE-2026-11338 Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
cross-site scripting in CVE-2026-11338 (CVE-2026-11338). Risk of unauthorized operations or information disclosure.
CVE-2026-11337 Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
CVE-2025-5089 Vulnerability in dos (CVE-2025-5089)
vulnerability in dos (CVE-2025-5089). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →