Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-9558 Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
CVE-2026-10039 SQL Injection in wordpress (CVE-2026-10039)
SQL injection in wordpress (CVE-2026-10039). Confidential information can be exposed externally.
CVE-2026-10057 Cross-Site Scripting (XSS) in CVE-2026-10057 (CVE-2026-10057)
cross-site scripting in CVE-2026-10057 (CVE-2026-10057). Risk of unauthorized operations or information disclosure.
CVE-2026-10058 Cross-Site Scripting (XSS) in CVE-2026-10058 (CVE-2026-10058)
cross-site scripting in CVE-2026-10058 (CVE-2026-10058). Risk of unauthorized operations or information disclosure.
CVE-2026-4776 Mautic has SQL Injection in API Contact Filtering
Mautic has SQL Injection in API Contact Filtering
CVE-2026-9243 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
CVE-2026-3655 Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-9714 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
CVE-2026-6275 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
CVE-2025-14042 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
CVE-2025-11993 Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
CVE-2026-7430 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
CVE-2026-8809 Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
CVE-2026-5343 Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
CVE-2026-10028 Vulnerability in dos (CVE-2026-10028)
vulnerability in dos (CVE-2026-10028). Risk of unauthorized operations or information disclosure.
CVE-2026-47179 Path Traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179)
path traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179). Confidential information can be exposed externally. Exploitable via `GET /api/environments/{id}/projects/{projectId}/file`. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-42305 Path Traversal in dulwich (CVE-2026-42305)
path traversal in dulwich (CVE-2026-42305). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.5` or later.
CVE-2026-45343 Cross-Site Scripting (XSS) in csrf (CVE-2026-45343)
cross-site scripting in csrf (CVE-2026-45343). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.6` or later.
CVE-2026-10044 Vulnerability in path-traversal (CVE-2026-10044)
vulnerability in path-traversal (CVE-2026-10044). Confidential information can be exposed externally. Exploitable via `GET /api/prompts/{filename}`.
CVE-2026-39929 Out-of-Bounds Read in dos (CVE-2026-39929)
vulnerability in dos (CVE-2026-39929). Risk of unauthorized operations or information disclosure.
CVE-2026-46843 Vulnerability in c (CVE-2026-46843)
vulnerability in c (CVE-2026-46843). Risk of unauthorized operations or information disclosure.
CVE-2026-49094 Vulnerability in elk (CVE-2026-49094)
vulnerability in elk (CVE-2026-49094). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16` or later.
CVE-2026-49095 Vulnerability in elk (CVE-2026-49095)
vulnerability in elk (CVE-2026-49095). Confidential information can be exposed externally. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
CVE-2026-9646 A reflected cross-site scripting issue exists in URL handling.
A reflected cross-site scripting issue exists in URL handling.
CVE-2026-46829 Vulnerability in c (CVE-2026-46829)
vulnerability in c (CVE-2026-46829). Risk of unauthorized operations or information disclosure.
CVE-2026-46834 Vulnerability in c (CVE-2026-46834)
vulnerability in c (CVE-2026-46834). Risk of unauthorized operations or information disclosure.
CVE-2026-46835 Vulnerability in c (CVE-2026-46835)
vulnerability in c (CVE-2026-46835). Risk of unauthorized operations or information disclosure.
CVE-2026-42399 Vulnerability in elk (CVE-2026-42399)
vulnerability in elk (CVE-2026-42399). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
CVE-2026-42400 Vulnerability in elk (CVE-2026-42400)
vulnerability in elk (CVE-2026-42400). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
CVE-2026-35266 Vulnerability in c (CVE-2026-35266)
vulnerability in c (CVE-2026-35266). Confidential information can be exposed externally.
CVE-2026-49128 Path Traversal in path-traversal (CVE-2026-49128)
path traversal in path-traversal (CVE-2026-49128). Confidential information can be exposed externally.
CVE-2026-33464 Vulnerability in elk (CVE-2026-33464)
vulnerability in elk (CVE-2026-33464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.4.2` or later.
CVE-2026-32847 Path Traversal in path-traversal (CVE-2026-32847)
path traversal in path-traversal (CVE-2026-32847). Confidential information can be exposed externally. Exploitable via `GET /{full_path`.
CVE-2026-33462 Path Traversal in elk (CVE-2026-33462)
path traversal in elk (CVE-2026-33462). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
CVE-2026-46526 SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
SSRF in local-deep-research (CVE-2026-46526). Risk of unauthorized operations or information disclosure. Exploitable via ``validate_url``. Mitigation: upgrade to `1.6.10` or later.
CVE-2026-4944 Path Traversal in CVE-2026-4944 (CVE-2026-4944)
path traversal in CVE-2026-4944 (CVE-2026-4944). Successful exploitation can lead to full system takeover.
CVE-2026-45044 Vulnerability in dos (CVE-2026-45044)
vulnerability in dos (CVE-2026-45044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
CVE-2026-45287 Vulnerability in go.opentelemetry.io/otel/schema/v1.1 (CVE-2026-45287)
vulnerability in go.opentelemetry.io/otel/schema/v1.1 (CVE-2026-45287). Risk of unauthorized operations or information disclosure. Exploitable via ``ParseFile``. Mitigation: upgrade to `0.0.17` or later.
CVE-2026-9094 Vulnerability in privilege-escalation (CVE-2026-9094)
vulnerability in privilege-escalation (CVE-2026-9094). Successful exploitation can lead to full system takeover.
CVE-2026-44465 OS Command Injection in zed (CVE-2026-44465)
OS command injection in zed (CVE-2026-44465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.227.1` or later.
CVE-2026-41178 Vulnerability in go.opentelemetry.io/otel/baggage (CVE-2026-41178)
vulnerability in go.opentelemetry.io/otel/baggage (CVE-2026-41178). Risk of unauthorized operations or information disclosure. Exploitable via ``Parse``. Mitigation: upgrade to `1.44.0` or later.
CVE-2026-22872 Vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872)
vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.13.0` or later.
CVE-2026-6824 Cross-Site Scripting (XSS) in cisa (CVE-2026-6824)
cross-site scripting in cisa (CVE-2026-6824). Successful exploitation can lead to full system takeover.
CVE-2026-48522 Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-48525 Vulnerability in pyjwt (CVE-2026-48525)
vulnerability in pyjwt (CVE-2026-48525). Risk of unauthorized operations or information disclosure. Exploitable via `POST /verify`. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-47762 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47762)
cross-site scripting in tinymce (CVE-2026-47762). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-47761 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47761)
cross-site scripting in tinymce (CVE-2026-47761). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-47760 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47760)
cross-site scripting in tinymce (CVE-2026-47760). Confidential information can be exposed externally. Mitigation: upgrade to `7.1.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →