Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-44520 Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
CVE-2026-44515 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44515)
SSRF in ssrf (CVE-2026-44515). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `28.3.0-beta.1` or later.
CVE-2026-42555 Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
CVE-2026-44885 Path Traversal in github.com/portainer/portainer (CVE-2026-44885)
path traversal in github.com/portainer/portainer (CVE-2026-44885). Data can be tampered with by attackers. Exploitable via ``ExtractTarGz``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-44792 SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44791 Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44789 Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44501 Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
CVE-2026-42591 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591). Confidential information can be exposed externally. Exploitable via `GET /GOTENBERG_SSRF`.
CVE-2026-42281 SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
CVE-2026-42159 Cross-Site Scripting (XSS) in flowsint (CVE-2026-42159)
cross-site scripting in flowsint (CVE-2026-42159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-41935 Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
CVE-2026-6479 Vulnerability in postgresql (CVE-2026-6479)
vulnerability in postgresql (CVE-2026-6479). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2025-69443 Code Injection in CVE-2025-69443 (CVE-2025-69443)
code injection in CVE-2025-69443 (CVE-2025-69443). Risk of unauthorized operations or information disclosure.
CVE-2026-6637 SQL Injection in postgresql (CVE-2026-6637)
SQL injection in postgresql (CVE-2026-6637). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6476 SQL Injection in postgresql (CVE-2026-6476)
SQL injection in postgresql (CVE-2026-6476). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.10.0, 18.4.0` or later.
CVE-2026-6638 SQL Injection in postgresql (CVE-2026-6638)
SQL injection in postgresql (CVE-2026-6638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-24710 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2026-21730 Cross-Site Scripting (XSS) in verint (CVE-2026-21730)
cross-site scripting in verint (CVE-2026-21730). Risk of unauthorized operations or information disclosure.
CVE-2026-41932 Cross-Site Scripting (XSS) in CVE-2026-41932 (CVE-2026-41932)
cross-site scripting in CVE-2026-41932 (CVE-2026-41932). Risk of unauthorized operations or information disclosure.
CVE-2026-1630 Cross-Site Scripting (XSS) in CVE-2026-1630 (CVE-2026-1630)
cross-site scripting in CVE-2026-1630 (CVE-2026-1630). Risk of unauthorized operations or information disclosure.
CVE-2026-42457 Cross-Site Scripting (XSS) in CVE-2026-42457 (CVE-2026-42457)
cross-site scripting in CVE-2026-42457 (CVE-2026-42457). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.4.3` or later.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-41249 Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
CVE-2026-26062 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062). Risk of unauthorized operations or information disclosure. Exploitable via ``PublishLogs``. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-5790 Cross-Site Scripting (XSS) in CVE-2026-5790 (CVE-2026-5790)
cross-site scripting in CVE-2026-5790 (CVE-2026-5790). Risk of unauthorized operations or information disclosure.
CVE-2026-43644 Cross-Site Scripting (XSS) in github.com/stefanprodan/podinfo (CVE-2026-43644)
cross-site scripting in github.com/stefanprodan/podinfo (CVE-2026-43644). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.1-0.20260519111337-cbebb20fd485` or later.
CVE-2026-24000 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-8468 Vulnerability in plug (CVE-2026-8468)
vulnerability in plug (CVE-2026-8468). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.4, 1.16.3, 1.17.1, 1.18.2, 1.19.2` or later.
CVE-2025-11024 SQL Injection in sqli (CVE-2025-11024)
SQL injection in sqli (CVE-2025-11024). Successful exploitation can lead to full system takeover.
CVE-2026-6174 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
cross-site scripting in wordpress (CVE-2026-6174). Risk of unauthorized operations or information disclosure.
CVE-2026-6504 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
CVE-2018-6400 Vulnerability in jvn (CVE-2018-6400)
vulnerability in jvn (CVE-2018-6400). Successful exploitation can lead to full system takeover.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-6670 Path Traversal in wordpress (CVE-2026-6670)
path traversal in wordpress (CVE-2026-6670). Confidential information can be exposed externally.
CVE-2026-6271 Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
CVE-2026-6506 Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
CVE-2026-6225 SQL Injection in wordpress (CVE-2026-6225)
SQL injection in wordpress (CVE-2026-6225). Confidential information can be exposed externally.
CVE-2026-6252 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
cross-site scripting in wordpress (CVE-2026-6252). Risk of unauthorized operations or information disclosure.
CVE-2026-5193 Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
CVE-2026-3718 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
CVE-2026-3694 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
cross-site scripting in wordpress (CVE-2026-3694). Risk of unauthorized operations or information disclosure.
CVE-2026-8280 Vulnerability in gitlab (CVE-2026-8280)
vulnerability in gitlab (CVE-2026-8280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-1184 Unsafe Deserialization in gitlab (CVE-2026-1184)
vulnerability in gitlab (CVE-2026-1184). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-1659 Vulnerability in gitlab (CVE-2026-1659)
vulnerability in gitlab (CVE-2026-1659). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2025-14870 Vulnerability in gitlab (CVE-2025-14870)
vulnerability in gitlab (CVE-2025-14870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-4527 Cross-Site Request Forgery (CSRF) in gitlab (CVE-2026-4527)
vulnerability in gitlab (CVE-2026-4527). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-5243 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5243)
cross-site scripting in wordpress (CVE-2026-5243). Risk of unauthorized operations or information disclosure. Exploitable via ``menu_hover_click``.
CVE-2025-15345 Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →