Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9413 |
|
Cross-Site Scripting (XSS) in CVE-2026-9413 (CVE-2026-9413)
cross-site scripting in CVE-2026-9413 (CVE-2026-9413). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9415 |
|
Cross-Site Scripting (XSS) in CVE-2026-9415 (CVE-2026-9415)
cross-site scripting in CVE-2026-9415 (CVE-2026-9415). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9414 |
|
Cross-Site Scripting (XSS) in CVE-2026-9414 (CVE-2026-9414)
cross-site scripting in CVE-2026-9414 (CVE-2026-9414). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9411 |
|
Vulnerability in sqli (CVE-2026-9411)
vulnerability in sqli (CVE-2026-9411). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9398 |
|
Authentication Bypass in CVE-2026-9398 (CVE-2026-9398)
authentication bypass in CVE-2026-9398 (CVE-2026-9398). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9377 |
|
Cross-Site Scripting (XSS) in CVE-2026-9377 (CVE-2026-9377)
cross-site scripting in CVE-2026-9377 (CVE-2026-9377). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4372 |
|
Unsafe Deserialization in transformers (CVE-2026-4372)
vulnerability in transformers (CVE-2026-4372). Successful exploitation can lead to full system takeover. Exploitable via ``_attn_implementation_internal``. Mitigation: upgrade to `5.3.0` or later.
|
| CVE-2026-9383 |
|
Vulnerability in sqli (CVE-2026-9383)
vulnerability in sqli (CVE-2026-9383). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9364 |
|
Vulnerability in sqli (CVE-2026-9364)
vulnerability in sqli (CVE-2026-9364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9357 |
|
Cross-Site Scripting (XSS) in CVE-2026-9357 (CVE-2026-9357)
cross-site scripting in CVE-2026-9357 (CVE-2026-9357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9356 |
|
Vulnerability in sqli (CVE-2026-9356)
vulnerability in sqli (CVE-2026-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9355 |
|
Vulnerability in sqli (CVE-2026-9355)
vulnerability in sqli (CVE-2026-9355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9358 |
|
Vulnerability in dos (CVE-2026-9358)
vulnerability in dos (CVE-2026-9358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3515 |
|
Vulnerability in prefect (CVE-2026-3515)
vulnerability in prefect (CVE-2026-3515). Confidential information can be exposed externally. Exploitable via ``GitHubRepository``.
|
| CVE-2026-9351 |
|
Path Traversal in path-traversal (CVE-2026-9351)
path traversal in path-traversal (CVE-2026-9351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9342 |
|
Vulnerability in sqli (CVE-2026-9342)
vulnerability in sqli (CVE-2026-9342). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25349 |
|
Cross-Site Scripting (XSS) in CVE-2018-25349 (CVE-2018-25349)
cross-site scripting in CVE-2018-25349 (CVE-2018-25349). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2018-25347 |
|
SQL Injection in wordpress (CVE-2018-25347)
SQL injection in wordpress (CVE-2018-25347). Confidential information can be exposed externally.
|
| CVE-2018-25348 |
|
SQL Injection in sqli (CVE-2018-25348)
SQL injection in sqli (CVE-2018-25348). Confidential information can be exposed externally.
|
| CVE-2018-25351 |
|
SQL Injection in sqli (CVE-2018-25351)
SQL injection in sqli (CVE-2018-25351). Confidential information can be exposed externally.
|
| CVE-2018-25352 |
|
SQL Injection in wordpress (CVE-2018-25352)
SQL injection in wordpress (CVE-2018-25352). Confidential information can be exposed externally.
|
| CVE-2018-25346 |
|
SQL Injection in wordpress (CVE-2018-25346)
SQL injection in wordpress (CVE-2018-25346). Confidential information can be exposed externally.
|
| CVE-2018-25340 |
|
SQL Injection in sqli (CVE-2018-25340)
SQL injection in sqli (CVE-2018-25340). Confidential information can be exposed externally.
|
| CVE-2026-9305 |
|
Vulnerability in sqli (CVE-2026-9305)
vulnerability in sqli (CVE-2026-9305). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25342 |
|
SQL Injection in sqli (CVE-2018-25342)
SQL injection in sqli (CVE-2018-25342). Confidential information can be exposed externally.
|
| CVE-2018-25341 |
|
SQL Injection in sqli (CVE-2018-25341)
SQL injection in sqli (CVE-2018-25341). Confidential information can be exposed externally.
|
| CVE-2026-6895 |
|
Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6419 |
|
Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45659 KEV |
|
[KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41104 |
|
Unsafe Deserialization in deserialization (CVE-2026-41104)
vulnerability in deserialization (CVE-2026-41104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33843 |
|
Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
|
| CVE-2026-36227 |
|
Path Traversal in path-traversal (CVE-2026-36227)
path traversal in path-traversal (CVE-2026-36227). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-45145 |
|
Path Traversal in path-traversal (CVE-2025-45145)
path traversal in path-traversal (CVE-2025-45145). Confidential information can be exposed externally.
|
| CVE-2026-8340 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8340)
vulnerability in concrete5/concrete5 (CVE-2026-8340). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-6059 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2026-6059)
cross-site scripting in jvn (CVE-2026-6059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47125 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/environments/{id}/templates/variables`. Mitigation: upgrade to `1.19.2` or later.
|
| CVE-2026-41076 |
|
Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41074 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-41074)
vulnerability in csrf (CVE-2026-41074). Data can be tampered with by attackers.
|
| CVE-2026-41075 |
|
SQL Injection in sqli (CVE-2026-41075)
SQL injection in sqli (CVE-2026-41075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41069 |
|
Out-of-Bounds Read in dos (CVE-2026-41069)
vulnerability in dos (CVE-2026-41069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48777 |
|
Path Traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777)
path traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /public/api/resources`. Mitigation: upgrade to `0.0.0-20260518193514-28e9b81e438e` or later.
|
| CVE-2026-25606 |
|
SQL Injection in sqli (CVE-2026-25606)
SQL injection in sqli (CVE-2026-25606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-6864 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7509 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|