Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-6399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
CVE-2026-6394 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
CVE-2026-3985 SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
CVE-2026-35593 Path Traversal in CVE-2026-35593 (CVE-2026-35593)
path traversal in CVE-2026-35593 (CVE-2026-35593). Confidential information can be exposed externally.
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
CVE-2026-34241 Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
cross-site scripting in CVE-2026-34241 (CVE-2026-34241). Confidential information can be exposed externally.
CVE-2026-34246 Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
CVE-2026-34234 OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
CVE-2026-34358 Vulnerability in privilege-escalation (CVE-2026-34358)
vulnerability in privilege-escalation (CVE-2026-34358). Confidential information can be exposed externally.
CVE-2025-15645 Vulnerability in dos (CVE-2025-15645)
vulnerability in dos (CVE-2025-15645). Risk of unauthorized operations or information disclosure.
CVE-2026-32882 Out-of-Bounds Read in dos (CVE-2026-32882)
vulnerability in dos (CVE-2026-32882). Risk of unauthorized operations or information disclosure.
CVE-2026-34216 Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
CVE-2025-57798 Vulnerability in dos (CVE-2025-57798)
vulnerability in dos (CVE-2025-57798). Risk of unauthorized operations or information disclosure.
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
CVE-2026-32739 Vulnerability in dos (CVE-2026-32739)
vulnerability in dos (CVE-2026-32739). Risk of unauthorized operations or information disclosure.
CVE-2026-46374 Vulnerability in sqlfluff (CVE-2026-46374)
vulnerability in sqlfluff (CVE-2026-46374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.0` or later.
CVE-2026-46373 Vulnerability in sqlfluff (CVE-2026-46373)
vulnerability in sqlfluff (CVE-2026-46373). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.0` or later.
CVE-2026-45796 SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
CVE-2026-8370 Vulnerability in privilege-escalation (CVE-2026-8370)
vulnerability in privilege-escalation (CVE-2026-8370). Risk of unauthorized operations or information disclosure.
CVE-2026-33741 Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
CVE-2026-32738 Out-of-Bounds Read in dos (CVE-2026-32738)
vulnerability in dos (CVE-2026-32738). Risk of unauthorized operations or information disclosure.
CVE-2026-8604 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
CVE-2026-6009 Unsafe Deserialization in CVE-2026-6009 (CVE-2026-6009)
vulnerability in CVE-2026-6009 (CVE-2026-6009). Risk of unauthorized operations or information disclosure.
CVE-2026-33633 Vulnerability in dos (CVE-2026-33633)
vulnerability in dos (CVE-2026-33633). Successful exploitation can lead to full system takeover.
CVE-2026-47358 Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
CVE-2026-36829 Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
CVE-2026-47357 Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
CVE-2026-47356 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
CVE-2026-46426 Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
CVE-2026-31072 Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
CVE-2026-31069 SQL Injection in billabear/billabear (CVE-2026-31069)
SQL injection in billabear/billabear (CVE-2026-31069). Successful exploitation can lead to full system takeover.
CVE-2026-30118 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
CVE-2026-2586 Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-2587 Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2025-70950 Path Traversal in github.com/itang/gohttp (CVE-2025-70950)
path traversal in github.com/itang/gohttp (CVE-2025-70950). Risk of unauthorized operations or information disclosure.
CVE-2026-46511 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46396 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46496 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-45721 Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
CVE-2026-8972 Privilege Escalation in privilege-escalation (CVE-2026-8972)
vulnerability in privilege-escalation (CVE-2026-8972). Successful exploitation can lead to full system takeover.
CVE-2026-8970 Privilege Escalation in privilege-escalation (CVE-2026-8970)
vulnerability in privilege-escalation (CVE-2026-8970). Successful exploitation can lead to full system takeover.
CVE-2026-8957 Privilege Escalation in privilege-escalation (CVE-2026-8957)
vulnerability in privilege-escalation (CVE-2026-8957). Successful exploitation can lead to full system takeover.
CVE-2026-8955 Privilege Escalation in privilege-escalation (CVE-2026-8955)
vulnerability in privilege-escalation (CVE-2026-8955). Successful exploitation can lead to full system takeover.
CVE-2026-8952 Privilege Escalation in privilege-escalation (CVE-2026-8952)
vulnerability in privilege-escalation (CVE-2026-8952). Successful exploitation can lead to full system takeover.
CVE-2026-47323 Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
CVE-2026-42100 Vulnerability in dos (CVE-2026-42100)
vulnerability in dos (CVE-2026-42100). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →