Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-47759 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47759)
cross-site scripting in tinymce (CVE-2026-47759). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-9828 |
|
Unsafe Deserialization in ch.qos.logback:logback-core (CVE-2026-9828)
vulnerability in ch.qos.logback:logback-core (CVE-2026-9828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.33` or later.
|
| CVE-2026-8980 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8980)
vulnerability in privilege-escalation (CVE-2026-8980). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49237 |
|
Vulnerability in privilege-escalation (CVE-2026-49237)
vulnerability in privilege-escalation (CVE-2026-49237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49238 |
|
Path Traversal in cpp (CVE-2026-49238)
path traversal in cpp (CVE-2026-49238). Confidential information can be exposed externally.
|
| CVE-2026-8979 |
|
Authentication Bypass in CVE-2026-8979 (CVE-2026-8979)
authentication bypass in CVE-2026-8979 (CVE-2026-8979). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42250 |
|
Out-of-Bounds Write in dos (CVE-2026-42250)
out-of-bounds write in dos (CVE-2026-42250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9813 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48977 |
|
Vulnerability in org.apache.ignite:ignite-core (CVE-2025-48977)
vulnerability in org.apache.ignite:ignite-core (CVE-2025-48977). Confidential information can be exposed externally. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-7048 |
|
SQL Injection in wordpress (CVE-2026-7048)
SQL injection in wordpress (CVE-2026-7048). Confidential information can be exposed externally.
|
| CVE-2026-9804 |
|
Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
|
| CVE-2026-6226 |
|
Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
|
| CVE-2024-47097 |
|
Cross-Site Scripting (XSS) in CVE-2024-47097 (CVE-2024-47097)
cross-site scripting in CVE-2024-47097 (CVE-2024-47097). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-47096 |
|
Cross-Site Scripting (XSS) in CVE-2024-47096 (CVE-2024-47096)
cross-site scripting in CVE-2024-47096 (CVE-2024-47096). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4334 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4334)
cross-site scripting in wordpress (CVE-2026-4334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9806 |
|
Cross-Site Scripting (XSS) in CVE-2026-9806 (CVE-2026-9806)
cross-site scripting in CVE-2026-9806 (CVE-2026-9806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7797 |
|
SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
|
| CVE-2026-7660 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7660)
cross-site scripting in wordpress (CVE-2026-7660). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9227 |
|
Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-7634 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7634)
cross-site scripting in wordpress (CVE-2026-7634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7052 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7052)
cross-site scripting in wordpress (CVE-2026-7052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6427 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6427)
cross-site scripting in wordpress (CVE-2026-6427). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9802 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9802)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9802). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-9644 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9644)
cross-site scripting in wordpress (CVE-2026-9644). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9801 |
|
Vulnerability in org.keycloak:keycloak-ldap-federation (CVE-2026-9801)
vulnerability in org.keycloak:keycloak-ldap-federation (CVE-2026-9801). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-9803 |
|
Out-of-Bounds Read in org.keycloak:keycloak-services (CVE-2026-9803)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9803). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-7533 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7533)
vulnerability in wordpress (CVE-2026-7533). Risk of unauthorized operations or information disclosure. Exploitable via ``admin_init``.
|
| CVE-2026-9009 |
|
Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9795 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
|
| CVE-2026-5737 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
SSRF in wordpress (CVE-2026-5737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32996 |
|
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
|
| CVE-2026-32998 |
|
This vulnerability in Veeam Service Provider Console allows for remote code execution.
This vulnerability in Veeam Service Provider Console allows for remote code execution.
|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-9789 |
|
Path Traversal in privilege-escalation (CVE-2026-9789)
path traversal in privilege-escalation (CVE-2026-9789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46402 |
|
Path Traversal in path-traversal (CVE-2026-46402)
path traversal in path-traversal (CVE-2026-46402). Data can be tampered with by attackers.
|
| CVE-2026-8361 |
|
Vulnerability in path-traversal (CVE-2026-8361)
vulnerability in path-traversal (CVE-2026-8361). Confidential information can be exposed externally.
|
| CVE-2026-49009 |
|
Path Traversal in path-traversal (CVE-2026-49009)
path traversal in path-traversal (CVE-2026-49009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-9759 |
|
Vulnerability in dos (CVE-2026-9759)
vulnerability in dos (CVE-2026-9759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44711 |
|
Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44712 |
|
OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
OS command injection in CVE-2026-44712 (CVE-2026-44712). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-47161 |
|
Unsafe Deserialization in CVE-2026-47161 (CVE-2026-47161)
vulnerability in CVE-2026-47161 (CVE-2026-47161). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45108 |
|
Authorization Flaw in CVE-2026-45108 (CVE-2026-45108)
vulnerability in CVE-2026-45108 (CVE-2026-45108). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.5` or later.
|
| CVE-2026-44888 |
|
Code Injection in CVE-2026-44888 (CVE-2026-44888)
code injection in CVE-2026-44888 (CVE-2026-44888). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-44886 |
|
SQL Injection in sqli (CVE-2026-44886)
SQL injection in sqli (CVE-2026-44886). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-44887 |
|
Code Injection in CVE-2026-44887 (CVE-2026-44887)
code injection in CVE-2026-44887 (CVE-2026-44887). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-42877 |
|
Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-42877)
cross-site scripting in facturascripts/facturascripts (CVE-2026-42877). Risk of unauthorized operations or information disclosure. Exploitable via ``referencia``.
|
| CVE-2026-42197 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
|
| CVE-2026-25879 |
|
SQL Injection in langroid (CVE-2026-25879)
SQL injection in langroid (CVE-2026-25879). Successful exploitation can lead to full system takeover. Exploitable via ``query``. Mitigation: upgrade to `0.63.0` or later.
|
| CVE-2026-1402 |
|
Vulnerability in gitlab (CVE-2026-1402)
vulnerability in gitlab (CVE-2026-1402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
|