Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9558 |
|
Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-10039 |
|
SQL Injection in wordpress (CVE-2026-10039)
SQL injection in wordpress (CVE-2026-10039). Confidential information can be exposed externally.
|
| CVE-2026-10057 |
|
Cross-Site Scripting (XSS) in CVE-2026-10057 (CVE-2026-10057)
cross-site scripting in CVE-2026-10057 (CVE-2026-10057). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10058 |
|
Cross-Site Scripting (XSS) in CVE-2026-10058 (CVE-2026-10058)
cross-site scripting in CVE-2026-10058 (CVE-2026-10058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4776 |
|
Mautic has SQL Injection in API Contact Filtering
Mautic has SQL Injection in API Contact Filtering
|
| CVE-2026-9243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3655 |
|
Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9714 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6275 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14042 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
|
| CVE-2026-8809 |
|
Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5343 |
|
Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
|
| CVE-2026-10028 |
|
Vulnerability in dos (CVE-2026-10028)
vulnerability in dos (CVE-2026-10028). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47179 |
|
Path Traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179)
path traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179). Confidential information can be exposed externally. Exploitable via `GET /api/environments/{id}/projects/{projectId}/file`. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-42305 |
|
Path Traversal in dulwich (CVE-2026-42305)
path traversal in dulwich (CVE-2026-42305). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-45343 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-45343)
cross-site scripting in csrf (CVE-2026-45343). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.6` or later.
|
| CVE-2026-10044 |
|
Vulnerability in path-traversal (CVE-2026-10044)
vulnerability in path-traversal (CVE-2026-10044). Confidential information can be exposed externally. Exploitable via `GET /api/prompts/{filename}`.
|
| CVE-2026-39929 |
|
Out-of-Bounds Read in dos (CVE-2026-39929)
vulnerability in dos (CVE-2026-39929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46843 |
|
Vulnerability in c (CVE-2026-46843)
vulnerability in c (CVE-2026-46843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49094 |
|
Vulnerability in elk (CVE-2026-49094)
vulnerability in elk (CVE-2026-49094). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16` or later.
|
| CVE-2026-49095 |
|
Vulnerability in elk (CVE-2026-49095)
vulnerability in elk (CVE-2026-49095). Confidential information can be exposed externally. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
|
| CVE-2026-9646 |
|
A reflected cross-site scripting issue exists in URL handling.
A reflected cross-site scripting issue exists in URL handling.
|
| CVE-2026-46829 |
|
Vulnerability in c (CVE-2026-46829)
vulnerability in c (CVE-2026-46829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46834 |
|
Vulnerability in c (CVE-2026-46834)
vulnerability in c (CVE-2026-46834). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46835 |
|
Vulnerability in c (CVE-2026-46835)
vulnerability in c (CVE-2026-46835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42399 |
|
Vulnerability in elk (CVE-2026-42399)
vulnerability in elk (CVE-2026-42399). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
|
| CVE-2026-42400 |
|
Vulnerability in elk (CVE-2026-42400)
vulnerability in elk (CVE-2026-42400). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
|
| CVE-2026-35266 |
|
Vulnerability in c (CVE-2026-35266)
vulnerability in c (CVE-2026-35266). Confidential information can be exposed externally.
|
| CVE-2026-49128 |
|
Path Traversal in path-traversal (CVE-2026-49128)
path traversal in path-traversal (CVE-2026-49128). Confidential information can be exposed externally.
|
| CVE-2026-33464 |
|
Vulnerability in elk (CVE-2026-33464)
vulnerability in elk (CVE-2026-33464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.4.2` or later.
|
| CVE-2026-32847 |
|
Path Traversal in path-traversal (CVE-2026-32847)
path traversal in path-traversal (CVE-2026-32847). Confidential information can be exposed externally. Exploitable via `GET /{full_path`.
|
| CVE-2026-33462 |
|
Path Traversal in elk (CVE-2026-33462)
path traversal in elk (CVE-2026-33462). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
|
| CVE-2026-46526 |
|
SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
SSRF in local-deep-research (CVE-2026-46526). Risk of unauthorized operations or information disclosure. Exploitable via ``validate_url``. Mitigation: upgrade to `1.6.10` or later.
|
| CVE-2026-4944 |
|
Path Traversal in CVE-2026-4944 (CVE-2026-4944)
path traversal in CVE-2026-4944 (CVE-2026-4944). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45044 |
|
Vulnerability in dos (CVE-2026-45044)
vulnerability in dos (CVE-2026-45044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-45287 |
|
Vulnerability in go.opentelemetry.io/otel/schema/v1.1 (CVE-2026-45287)
vulnerability in go.opentelemetry.io/otel/schema/v1.1 (CVE-2026-45287). Risk of unauthorized operations or information disclosure. Exploitable via ``ParseFile``. Mitigation: upgrade to `0.0.17` or later.
|
| CVE-2026-9094 |
|
Vulnerability in privilege-escalation (CVE-2026-9094)
vulnerability in privilege-escalation (CVE-2026-9094). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44465 |
|
OS Command Injection in zed (CVE-2026-44465)
OS command injection in zed (CVE-2026-44465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.227.1` or later.
|
| CVE-2026-41178 |
|
Vulnerability in go.opentelemetry.io/otel/baggage (CVE-2026-41178)
vulnerability in go.opentelemetry.io/otel/baggage (CVE-2026-41178). Risk of unauthorized operations or information disclosure. Exploitable via ``Parse``. Mitigation: upgrade to `1.44.0` or later.
|
| CVE-2026-22872 |
|
Vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872)
vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-6824 |
|
Cross-Site Scripting (XSS) in cisa (CVE-2026-6824)
cross-site scripting in cisa (CVE-2026-6824). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48522 |
|
Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-48525 |
|
Vulnerability in pyjwt (CVE-2026-48525)
vulnerability in pyjwt (CVE-2026-48525). Risk of unauthorized operations or information disclosure. Exploitable via `POST /verify`. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-47762 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47762)
cross-site scripting in tinymce (CVE-2026-47762). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47761 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47761)
cross-site scripting in tinymce (CVE-2026-47761). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47760 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47760)
cross-site scripting in tinymce (CVE-2026-47760). Confidential information can be exposed externally. Mitigation: upgrade to `7.1.0` or later.
|