Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2024-14036 Vulnerability in dos (CVE-2024-14036)
vulnerability in dos (CVE-2024-14036). Risk of unauthorized operations or information disclosure.
CVE-2021-4480 Vulnerability in privilege-escalation (CVE-2021-4480)
vulnerability in privilege-escalation (CVE-2021-4480). Data can be tampered with by attackers.
CVE-2026-10620 Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
CVE-2026-49144 Path Traversal in browserstack-runner (CVE-2026-49144)
path traversal in browserstack-runner (CVE-2026-49144). Confidential information can be exposed externally. Exploitable via ``_default``.
CVE-2026-42849 Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
CVE-2026-8036 Vulnerability in privilege-escalation (CVE-2026-8036)
vulnerability in privilege-escalation (CVE-2026-8036). Confidential information can be exposed externally.
CVE-2026-8035 Vulnerability in dos (CVE-2026-8035)
vulnerability in dos (CVE-2026-8035). Data can be tampered with by attackers.
CVE-2026-5073 SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
CVE-2026-5074 SQL Injection in wordpress (CVE-2026-5074)
SQL injection in wordpress (CVE-2026-5074). Confidential information can be exposed externally. Exploitable via ``get_private_content_data``.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-5385 Cross-Site Scripting (XSS) in CVE-2026-5385 (CVE-2026-5385)
cross-site scripting in CVE-2026-5385 (CVE-2026-5385). Risk of unauthorized operations or information disclosure.
CVE-2026-49120 Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
CVE-2026-48594 Vulnerability in tesla (CVE-2026-48594)
vulnerability in tesla (CVE-2026-48594). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.18.3` or later.
CVE-2026-48597 Vulnerability in tesla (CVE-2026-48597)
vulnerability in tesla (CVE-2026-48597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.18.3` or later.
CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
CVE-2026-34077 Vulnerability in react-router (CVE-2026-34077)
vulnerability in react-router (CVE-2026-34077). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.14.0` or later.
CVE-2026-33553 Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
CVE-2026-30586 Cross-Site Scripting (XSS) in CVE-2026-30586 (CVE-2026-30586)
cross-site scripting in CVE-2026-30586 (CVE-2026-30586). Risk of unauthorized operations or information disclosure.
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-28299 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
CVE-2026-10607 Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
CVE-2026-10608 Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
CVE-2025-64390 Vulnerability in privilege-escalation (CVE-2025-64390)
vulnerability in privilege-escalation (CVE-2025-64390). Successful exploitation can lead to full system takeover.
CVE-2021-4479 Vulnerability in c (CVE-2021-4479)
vulnerability in c (CVE-2021-4479). Risk of unauthorized operations or information disclosure.
CVE-2021-4478 Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of...
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of...
CVE-2019-25721 Vulnerability in dos (CVE-2019-25721)
vulnerability in dos (CVE-2019-25721). Risk of unauthorized operations or information disclosure.
CVE-2019-25723 Vulnerability in dos (CVE-2019-25723)
vulnerability in dos (CVE-2019-25723). Risk of unauthorized operations or information disclosure.
CVE-2019-25724 Vulnerability in dos (CVE-2019-25724)
vulnerability in dos (CVE-2019-25724). Risk of unauthorized operations or information disclosure.
CVE-2026-40715 Vulnerability in privilege-escalation (CVE-2026-40715)
vulnerability in privilege-escalation (CVE-2026-40715). Successful exploitation can lead to full system takeover.
CVE-2026-10606 Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.
CVE-2026-0611 Vulnerability in csharp (CVE-2026-0611)
vulnerability in csharp (CVE-2026-0611). Successful exploitation can lead to full system takeover.
CVE-2026-1871 Vulnerability in dos (CVE-2026-1871)
vulnerability in dos (CVE-2026-1871). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-24221 Unsafe Deserialization in deserialization (CVE-2026-24221)
vulnerability in deserialization (CVE-2026-24221). Successful exploitation can lead to full system takeover.
CVE-2026-24237 Unsafe Deserialization in deserialization (CVE-2026-24237)
vulnerability in deserialization (CVE-2026-24237). Successful exploitation can lead to full system takeover.
CVE-2026-33244 Cross-Site Scripting (XSS) in react-router (CVE-2026-33244)
cross-site scripting in react-router (CVE-2026-33244). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `7.13.2` or later.
CVE-2026-7299 Cross-Site Scripting (XSS) in appsmith (CVE-2026-7299)
cross-site scripting in appsmith (CVE-2026-7299). Confidential information can be exposed externally. Mitigation: upgrade to `1.99.0` or later.
CVE-2026-47117 Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-44367 Vulnerability in apache (CVE-2026-44367)
vulnerability in apache (CVE-2026-44367). Risk of unauthorized operations or information disclosure.
CVE-2026-42654 Vulnerability in CVE-2026-42654 (CVE-2026-42654)
vulnerability in CVE-2026-42654 (CVE-2026-42654). Data can be tampered with by attackers.
CVE-2026-40780 Vulnerability in CVE-2026-40780 (CVE-2026-40780)
vulnerability in CVE-2026-40780 (CVE-2026-40780). Data can be tampered with by attackers.
CVE-2026-35718 Path Traversal in path-traversal (CVE-2026-35718)
path traversal in path-traversal (CVE-2026-35718). Confidential information can be exposed externally.
CVE-2026-34460 Vulnerability in csrf (CVE-2026-34460)
vulnerability in csrf (CVE-2026-34460). Risk of unauthorized operations or information disclosure.
CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
CVE-2026-43965 Path Traversal in path-traversal (CVE-2026-43965)
path traversal in path-traversal (CVE-2026-43965). Risk of unauthorized operations or information disclosure.
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-39553 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →