Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44058 |
|
Authentication Bypass in CVE-2026-44058 (CVE-2026-44058)
authentication bypass in CVE-2026-44058 (CVE-2026-44058). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44054 |
|
Vulnerability in dos (CVE-2026-44054)
vulnerability in dos (CVE-2026-44054). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44056 |
|
Vulnerability in c (CVE-2026-44056)
vulnerability in c (CVE-2026-44056). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44060 |
|
Vulnerability in dos (CVE-2026-44060)
vulnerability in dos (CVE-2026-44060). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44062 |
|
Out-of-Bounds Write in c (CVE-2026-44062)
out-of-bounds write in c (CVE-2026-44062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44048 |
|
Vulnerability in dos (CVE-2026-44048)
vulnerability in dos (CVE-2026-44048). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44049 |
|
Out-of-Bounds Write in dos (CVE-2026-44049)
out-of-bounds write in dos (CVE-2026-44049). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44050 |
|
Vulnerability in dos (CVE-2026-44050)
vulnerability in dos (CVE-2026-44050). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44047 |
|
SQL Injection in sqli (CVE-2026-44047)
SQL injection in sqli (CVE-2026-44047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1543 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1543)
cross-site scripting in wordpress (CVE-2026-1543). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-4811 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4811)
cross-site scripting in wordpress (CVE-2026-4811). Confidential information can be exposed externally.
|
| CVE-2026-48172 KEV |
|
[KEV] Vulnerability in Litespeed privilege-escalation (CVE-2026-48172)
vulnerability in Litespeed privilege-escalation (CVE-2026-48172). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-9149 |
|
Vulnerability in dos (CVE-2026-9149)
vulnerability in dos (CVE-2026-9149). Risk of unauthorized operations or information disclosure. Exploitable via ``repo_add_solv``.
|
| CVE-2026-9150 |
|
Vulnerability in dos (CVE-2026-9150)
vulnerability in dos (CVE-2026-9150). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40165 |
|
Vulnerability in authentik (CVE-2026-40165)
vulnerability in authentik (CVE-2026-40165). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-9144 |
|
Cross-Site Scripting (XSS) in CVE-2026-9144 (CVE-2026-9144)
cross-site scripting in CVE-2026-9144 (CVE-2026-9144). Confidential information can be exposed externally.
|
| CVE-2026-9141 |
|
Vulnerability in CVE-2026-9141 (CVE-2026-9141)
vulnerability in CVE-2026-9141 (CVE-2026-9141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9129 |
|
Path Traversal in path-traversal (CVE-2026-9129)
path traversal in path-traversal (CVE-2026-9129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9102 |
|
Path Traversal in path-traversal (CVE-2026-9102)
path traversal in path-traversal (CVE-2026-9102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-35016 |
|
Cross-Site Scripting (XSS) in CVE-2026-35016 (CVE-2026-35016)
cross-site scripting in CVE-2026-35016 (CVE-2026-35016). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39311 |
|
Cross-Site Scripting (XSS) in CVE-2026-39311 (CVE-2026-39311)
cross-site scripting in CVE-2026-39311 (CVE-2026-39311). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39352 |
|
Path Traversal in path-traversal (CVE-2026-39352)
path traversal in path-traversal (CVE-2026-39352). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39310 |
|
Vulnerability in csrf (CVE-2026-39310)
vulnerability in csrf (CVE-2026-39310). Data can be tampered with by attackers.
|
| CVE-2026-35009 |
|
Cross-Site Scripting (XSS) in CVE-2026-35009 (CVE-2026-35009)
cross-site scripting in CVE-2026-35009 (CVE-2026-35009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35010 |
|
Cross-Site Scripting (XSS) in CVE-2026-35010 (CVE-2026-35010)
cross-site scripting in CVE-2026-35010 (CVE-2026-35010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35011 |
|
Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35012 |
|
Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35013 |
|
Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35014 |
|
Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35015 |
|
Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35007 |
|
Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35008 |
|
Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24217 |
|
Vulnerability in path-traversal (CVE-2026-24217)
vulnerability in path-traversal (CVE-2026-24217). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23734 |
|
Vulnerability in org.xwiki.commons:xwiki-commons-classloader-api (CVE-2026-23734)
vulnerability in org.xwiki.commons:xwiki-commons-classloader-api (CVE-2026-23734). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.0.0-rc-1` or later.
|
| CVE-2026-24216 |
|
Unsafe Deserialization in dos (CVE-2026-24216)
vulnerability in dos (CVE-2026-24216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24218 |
|
Vulnerability in dos (CVE-2026-24218)
vulnerability in dos (CVE-2026-24218). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20240 |
|
Vulnerability in dos (CVE-2026-20240)
vulnerability in dos (CVE-2026-20240). Risk of unauthorized operations or information disclosure. Exploitable via ``coldToFrozen.sh``.
|
| CVE-2026-30691 |
|
Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
cross-site scripting in @cyntler/react-doc-viewer (CVE-2026-30691). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44924 |
|
InfoScale VIOM 9.1.3 allows XSS.
InfoScale VIOM 9.1.3 allows XSS.
|
| CVE-2026-44925 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-44925)
vulnerability in csrf (CVE-2026-44925). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44923 |
|
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
|
| CVE-2026-4293 |
|
Cross-Site Scripting (XSS) in CVE-2026-4293 (CVE-2026-4293)
cross-site scripting in CVE-2026-4293 (CVE-2026-4293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5783 |
|
Cross-Site Scripting (XSS) in CVE-2026-5783 (CVE-2026-5783)
cross-site scripting in CVE-2026-5783 (CVE-2026-5783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20171 |
|
Vulnerability in Cisco dos (CVE-2026-20171)
vulnerability in Cisco dos (CVE-2026-20171). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35675 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35675)
vulnerability in thorsten/phpmyfaq (CVE-2026-35675). Data can be tampered with by attackers. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-35672 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-8467 |
|
Code Injection in phoenix_storybook (CVE-2026-8467)
code injection in phoenix_storybook (CVE-2026-8467). Risk of unauthorized operations or information disclosure. Exploitable via ``Kernel``. Mitigation: upgrade to `1.1.0` or later.
|