Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6399 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6394 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3985 |
|
SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
|
| CVE-2026-35593 |
|
Path Traversal in CVE-2026-35593 (CVE-2026-35593)
path traversal in CVE-2026-35593 (CVE-2026-35593). Confidential information can be exposed externally.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34241 |
|
Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
cross-site scripting in CVE-2026-34241 (CVE-2026-34241). Confidential information can be exposed externally.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34358 |
|
Vulnerability in privilege-escalation (CVE-2026-34358)
vulnerability in privilege-escalation (CVE-2026-34358). Confidential information can be exposed externally.
|
| CVE-2025-15645 |
|
Vulnerability in dos (CVE-2025-15645)
vulnerability in dos (CVE-2025-15645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32882 |
|
Out-of-Bounds Read in dos (CVE-2026-32882)
vulnerability in dos (CVE-2026-32882). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34216 |
|
Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57798 |
|
Vulnerability in dos (CVE-2025-57798)
vulnerability in dos (CVE-2025-57798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2026-32739 |
|
Vulnerability in dos (CVE-2026-32739)
vulnerability in dos (CVE-2026-32739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46374 |
|
Vulnerability in sqlfluff (CVE-2026-46374)
vulnerability in sqlfluff (CVE-2026-46374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-46373 |
|
Vulnerability in sqlfluff (CVE-2026-46373)
vulnerability in sqlfluff (CVE-2026-46373). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.0` or later.
|
| CVE-2026-45796 |
|
SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-8370 |
|
Vulnerability in privilege-escalation (CVE-2026-8370)
vulnerability in privilege-escalation (CVE-2026-8370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33741 |
|
Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
|
| CVE-2026-32738 |
|
Out-of-Bounds Read in dos (CVE-2026-32738)
vulnerability in dos (CVE-2026-32738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8604 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6009 |
|
Unsafe Deserialization in CVE-2026-6009 (CVE-2026-6009)
vulnerability in CVE-2026-6009 (CVE-2026-6009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33633 |
|
Vulnerability in dos (CVE-2026-33633)
vulnerability in dos (CVE-2026-33633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47358 |
|
Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47357 |
|
Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
|
| CVE-2026-47356 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
|
| CVE-2026-46426 |
|
Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31069 |
|
SQL Injection in billabear/billabear (CVE-2026-31069)
SQL injection in billabear/billabear (CVE-2026-31069). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2586 |
|
Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2025-70950 |
|
Path Traversal in github.com/itang/gohttp (CVE-2025-70950)
path traversal in github.com/itang/gohttp (CVE-2025-70950). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46511 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46396 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46393 |
|
SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-45721 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-8972 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8972)
vulnerability in privilege-escalation (CVE-2026-8972). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8970 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8970)
vulnerability in privilege-escalation (CVE-2026-8970). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8957 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8957)
vulnerability in privilege-escalation (CVE-2026-8957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8955 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8955)
vulnerability in privilege-escalation (CVE-2026-8955). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8952 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8952)
vulnerability in privilege-escalation (CVE-2026-8952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47323 |
|
Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
|
| CVE-2026-42100 |
|
Vulnerability in dos (CVE-2026-42100)
vulnerability in dos (CVE-2026-42100). Risk of unauthorized operations or information disclosure.
|