Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0265 |
|
Vulnerability in CVE-2026-0265 (CVE-2026-0265)
vulnerability in CVE-2026-0265 (CVE-2026-0265). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-48519 |
|
Vulnerability in cpp (CVE-2024-48519)
vulnerability in cpp (CVE-2024-48519). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51394 |
|
Buffer Overflow in cpp (CVE-2024-51394)
vulnerability in cpp (CVE-2024-51394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43999 |
|
Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-8493 |
|
Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
|
| CVE-2026-44470 |
|
Vulnerability in privilege-escalation (CVE-2026-44470)
vulnerability in privilege-escalation (CVE-2026-44470). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.3834.0` or later.
|
| CVE-2026-42946 |
|
Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42945 |
|
Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42934 |
|
Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42924 |
|
OS Command Injection in privilege-escalation (CVE-2026-42924)
OS command injection in privilege-escalation (CVE-2026-42924). Confidential information can be exposed externally.
|
| CVE-2026-42780 |
|
Path Traversal in path-traversal (CVE-2026-42780)
path traversal in path-traversal (CVE-2026-42780). Data can be tampered with by attackers.
|
| CVE-2026-41957 |
|
Unsafe Deserialization in f5 (CVE-2026-41957)
vulnerability in f5 (CVE-2026-41957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41953 |
|
Command Injection in privilege-escalation (CVE-2026-41953)
command injection in privilege-escalation (CVE-2026-41953). Confidential information can be exposed externally.
|
| CVE-2026-41227 |
|
Vulnerability in dos (CVE-2026-41227)
vulnerability in dos (CVE-2026-41227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40703 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-40703)
vulnerability in csrf (CVE-2026-40703). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40701 |
|
Use-After-Free in nginx (CVE-2026-40701)
vulnerability in nginx (CVE-2026-40701). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-40698 |
|
Command Injection in privilege-escalation (CVE-2026-40698)
command injection in privilege-escalation (CVE-2026-40698). Confidential information can be exposed externally.
|
| CVE-2026-40631 |
|
Vulnerability in privilege-escalation (CVE-2026-40631)
vulnerability in privilege-escalation (CVE-2026-40631). Confidential information can be exposed externally.
|
| CVE-2026-40460 |
|
Vulnerability in nginx (CVE-2026-40460)
vulnerability in nginx (CVE-2026-40460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-24464 |
|
Vulnerability in path-traversal (CVE-2026-24464)
vulnerability in path-traversal (CVE-2026-24464). Data can be tampered with by attackers.
|
| CVE-2025-32425 |
|
Vulnerability in dos (CVE-2025-32425)
vulnerability in dos (CVE-2025-32425). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51395 |
|
Vulnerability in cpp (CVE-2024-51395)
vulnerability in cpp (CVE-2024-51395). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37226 |
|
SQL Injection in sqli (CVE-2020-37226)
SQL injection in sqli (CVE-2020-37226). Confidential information can be exposed externally.
|
| CVE-2020-37225 |
|
Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
cross-site scripting in CVE-2020-37225 (CVE-2020-37225). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37220 |
|
Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
|
| CVE-2020-37219 |
|
Path Traversal in path-traversal (CVE-2020-37219)
path traversal in path-traversal (CVE-2020-37219). Confidential information can be exposed externally.
|
| CVE-2020-37218 |
|
SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
|
| CVE-2020-37224 |
|
SQL Injection in sqli (CVE-2020-37224)
SQL injection in sqli (CVE-2020-37224). Confidential information can be exposed externally.
|
| CVE-2020-37222 |
|
Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37174 |
|
Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)
cross-site scripting in CVE-2020-37174 (CVE-2020-37174). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44797 |
|
SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
SSRF in nautobot (CVE-2026-44797). Confidential information can be exposed externally. Exploitable via ``Webhook``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44796 |
|
Vulnerability in nautobot (CVE-2026-44796)
vulnerability in nautobot (CVE-2026-44796). Risk of unauthorized operations or information disclosure. Exploitable via ``find``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-4608 |
|
SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.
|
| CVE-2026-39806 |
|
Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-39803 |
|
Vulnerability in bandit (CVE-2026-39803)
vulnerability in bandit (CVE-2026-39803). Risk of unauthorized operations or information disclosure. Exploitable via ``Plug.Parsers``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-37429 |
|
SQL Injection in sqli (CVE-2026-37429)
SQL injection in sqli (CVE-2026-37429). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37428 |
|
SQL Injection in sqli (CVE-2026-37428)
SQL injection in sqli (CVE-2026-37428). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42961 |
|
Vulnerability in csrf (CVE-2026-42961)
vulnerability in csrf (CVE-2026-42961). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42948 |
|
Cross-Site Scripting (XSS) in CVE-2026-42948 (CVE-2026-42948)
cross-site scripting in CVE-2026-42948 (CVE-2026-42948). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4798 |
|
SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
|
| CVE-2024-47091 |
|
Vulnerability in privilege-escalation (CVE-2024-47091)
vulnerability in privilege-escalation (CVE-2024-47091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25705 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-25705)
vulnerability in github.com/rancher/rancher (CVE-2026-25705). Successful exploitation can lead to full system takeover. Exploitable via ``compressedEndpoint``. Mitigation: upgrade to `2.11.13` or later.
|
| CVE-2026-3004 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3004)
cross-site scripting in wordpress (CVE-2026-3004). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14767 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
cross-site scripting in wordpress (CVE-2025-14767). Risk of unauthorized operations or information disclosure. Exploitable via ``wpcbm_best_seller``.
|
| CVE-2026-6929 |
|
SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2026-7619 |
|
SQL Injection in wordpress (CVE-2026-7619)
SQL injection in wordpress (CVE-2026-7619). Confidential information can be exposed externally.
|
| CVE-2026-6962 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
cross-site scripting in wordpress (CVE-2026-6962). Risk of unauthorized operations or information disclosure.
|