Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-0265 Vulnerability in CVE-2026-0265 (CVE-2026-0265)
vulnerability in CVE-2026-0265 (CVE-2026-0265). Risk of unauthorized operations or information disclosure.
CVE-2024-48519 Vulnerability in cpp (CVE-2024-48519)
vulnerability in cpp (CVE-2024-48519). Risk of unauthorized operations or information disclosure.
CVE-2024-51394 Buffer Overflow in cpp (CVE-2024-51394)
vulnerability in cpp (CVE-2024-51394). Risk of unauthorized operations or information disclosure.
CVE-2026-43998 Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43999 Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-8493 Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
CVE-2026-44470 Vulnerability in privilege-escalation (CVE-2026-44470)
vulnerability in privilege-escalation (CVE-2026-44470). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.3834.0` or later.
CVE-2026-42946 Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42945 Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42934 Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42924 OS Command Injection in privilege-escalation (CVE-2026-42924)
OS command injection in privilege-escalation (CVE-2026-42924). Confidential information can be exposed externally.
CVE-2026-42780 Path Traversal in path-traversal (CVE-2026-42780)
path traversal in path-traversal (CVE-2026-42780). Data can be tampered with by attackers.
CVE-2026-41957 Unsafe Deserialization in f5 (CVE-2026-41957)
vulnerability in f5 (CVE-2026-41957). Successful exploitation can lead to full system takeover.
CVE-2026-41953 Command Injection in privilege-escalation (CVE-2026-41953)
command injection in privilege-escalation (CVE-2026-41953). Confidential information can be exposed externally.
CVE-2026-41227 Vulnerability in dos (CVE-2026-41227)
vulnerability in dos (CVE-2026-41227). Risk of unauthorized operations or information disclosure.
CVE-2026-40703 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-40703)
vulnerability in csrf (CVE-2026-40703). Risk of unauthorized operations or information disclosure.
CVE-2026-40701 Use-After-Free in nginx (CVE-2026-40701)
vulnerability in nginx (CVE-2026-40701). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-40698 Command Injection in privilege-escalation (CVE-2026-40698)
command injection in privilege-escalation (CVE-2026-40698). Confidential information can be exposed externally.
CVE-2026-40631 Vulnerability in privilege-escalation (CVE-2026-40631)
vulnerability in privilege-escalation (CVE-2026-40631). Confidential information can be exposed externally.
CVE-2026-40460 Vulnerability in nginx (CVE-2026-40460)
vulnerability in nginx (CVE-2026-40460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-24464 Vulnerability in path-traversal (CVE-2026-24464)
vulnerability in path-traversal (CVE-2026-24464). Data can be tampered with by attackers.
CVE-2025-32425 Vulnerability in dos (CVE-2025-32425)
vulnerability in dos (CVE-2025-32425). Risk of unauthorized operations or information disclosure.
CVE-2024-51395 Vulnerability in cpp (CVE-2024-51395)
vulnerability in cpp (CVE-2024-51395). Risk of unauthorized operations or information disclosure.
CVE-2020-37226 SQL Injection in sqli (CVE-2020-37226)
SQL injection in sqli (CVE-2020-37226). Confidential information can be exposed externally.
CVE-2020-37225 Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
cross-site scripting in CVE-2020-37225 (CVE-2020-37225). Risk of unauthorized operations or information disclosure.
CVE-2020-37220 Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
CVE-2020-37219 Path Traversal in path-traversal (CVE-2020-37219)
path traversal in path-traversal (CVE-2020-37219). Confidential information can be exposed externally.
CVE-2020-37218 SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
CVE-2020-37224 SQL Injection in sqli (CVE-2020-37224)
SQL injection in sqli (CVE-2020-37224). Confidential information can be exposed externally.
CVE-2020-37222 Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
CVE-2020-37174 Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)
cross-site scripting in CVE-2020-37174 (CVE-2020-37174). Risk of unauthorized operations or information disclosure.
CVE-2026-44797 SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
SSRF in nautobot (CVE-2026-44797). Confidential information can be exposed externally. Exploitable via ``Webhook``. Mitigation: upgrade to `2.4.33` or later.
CVE-2026-44796 Vulnerability in nautobot (CVE-2026-44796)
vulnerability in nautobot (CVE-2026-44796). Risk of unauthorized operations or information disclosure. Exploitable via ``find``. Mitigation: upgrade to `2.4.33` or later.
CVE-2026-4608 SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.
CVE-2026-39806 Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
CVE-2026-39803 Vulnerability in bandit (CVE-2026-39803)
vulnerability in bandit (CVE-2026-39803). Risk of unauthorized operations or information disclosure. Exploitable via ``Plug.Parsers``. Mitigation: upgrade to `1.11.1` or later.
CVE-2026-37429 SQL Injection in sqli (CVE-2026-37429)
SQL injection in sqli (CVE-2026-37429). Risk of unauthorized operations or information disclosure.
CVE-2026-37428 SQL Injection in sqli (CVE-2026-37428)
SQL injection in sqli (CVE-2026-37428). Risk of unauthorized operations or information disclosure.
CVE-2026-42961 Vulnerability in csrf (CVE-2026-42961)
vulnerability in csrf (CVE-2026-42961). Risk of unauthorized operations or information disclosure.
CVE-2026-6177 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
CVE-2026-42948 Cross-Site Scripting (XSS) in CVE-2026-42948 (CVE-2026-42948)
cross-site scripting in CVE-2026-42948 (CVE-2026-42948). Risk of unauthorized operations or information disclosure.
CVE-2026-4798 SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
CVE-2024-47091 Vulnerability in privilege-escalation (CVE-2024-47091)
vulnerability in privilege-escalation (CVE-2024-47091). Risk of unauthorized operations or information disclosure.
CVE-2026-25705 Vulnerability in github.com/rancher/rancher (CVE-2026-25705)
vulnerability in github.com/rancher/rancher (CVE-2026-25705). Successful exploitation can lead to full system takeover. Exploitable via ``compressedEndpoint``. Mitigation: upgrade to `2.11.13` or later.
CVE-2026-3004 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3004)
cross-site scripting in wordpress (CVE-2026-3004). Risk of unauthorized operations or information disclosure.
CVE-2025-14767 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
cross-site scripting in wordpress (CVE-2025-14767). Risk of unauthorized operations or information disclosure. Exploitable via ``wpcbm_best_seller``.
CVE-2026-6929 SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
CVE-2026-7619 SQL Injection in wordpress (CVE-2026-7619)
SQL injection in wordpress (CVE-2026-7619). Confidential information can be exposed externally.
CVE-2026-6962 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
cross-site scripting in wordpress (CVE-2026-6962). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →