Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6828 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
cross-site scripting in wordpress (CVE-2026-6828). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9989 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
cross-site scripting in wordpress (CVE-2025-9989). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6888 |
|
SQL Injection in sqli (CVE-2026-6888)
SQL injection in sqli (CVE-2026-6888). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62624 |
|
Vulnerability in privilege-escalation (CVE-2025-62624)
vulnerability in privilege-escalation (CVE-2025-62624). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62623 |
|
Buffer Overflow in privilege-escalation (CVE-2025-62623)
vulnerability in privilege-escalation (CVE-2025-62623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45028 |
|
Vulnerability in astro (CVE-2026-45028)
vulnerability in astro (CVE-2026-45028). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.10` or later.
|
| CVE-2026-42288 |
|
Code Injection in CVE-2026-42288 (CVE-2026-42288)
code injection in CVE-2026-42288 (CVE-2026-42288). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-43680 |
|
Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43685 |
|
OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42289 |
|
Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-42157 |
|
Cross-Site Scripting (XSS) in CVE-2026-42157 (CVE-2026-42157)
cross-site scripting in CVE-2026-42157 (CVE-2026-42157). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-1250 |
|
SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
|
| CVE-2026-44652 |
|
SSRF (Server-Side Request Forgery) in sillytavern (CVE-2026-44652)
SSRF in sillytavern (CVE-2026-44652). Risk of unauthorized operations or information disclosure. Exploitable via `GET /proxy/`. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-8449 |
|
Out-of-Bounds Read in privilege-escalation (CVE-2026-8449)
vulnerability in privilege-escalation (CVE-2026-8449). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45225 |
|
Path Traversal in path-traversal (CVE-2026-45225)
path traversal in path-traversal (CVE-2026-45225). Data can be tampered with by attackers.
|
| CVE-2026-44307 |
|
Path Traversal in Mako (CVE-2026-44307)
path traversal in Mako (CVE-2026-44307). Risk of unauthorized operations or information disclosure. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.12` or later.
|
| CVE-2026-44296 |
|
Vulnerability in dos (CVE-2026-44296)
vulnerability in dos (CVE-2026-44296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.0.167` or later.
|
| CVE-2026-44258 |
|
OS Command Injection in path-traversal (CVE-2026-44258)
OS command injection in path-traversal (CVE-2026-44258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-42854 |
|
Vulnerability in espressif (CVE-2026-42854)
vulnerability in espressif (CVE-2026-42854). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.8` or later.
|
| CVE-2026-42196 |
|
Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
|
| CVE-2026-41195 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41195)
SSRF in ssrf (CVE-2026-41195). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.13` or later.
|
| CVE-2026-40863 |
|
Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-44403 |
|
Code Injection in wftpserver (CVE-2026-44403)
code injection in wftpserver (CVE-2026-44403). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44232 |
|
Vulnerability in dssrf (CVE-2026-44232)
vulnerability in dssrf (CVE-2026-44232). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.3` or later.
|
| CVE-2026-7474 |
|
Path Traversal in github.com/hashicorp/nomad (CVE-2026-7474)
path traversal in github.com/hashicorp/nomad (CVE-2026-7474). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.11.0-rc.1.0.20260511152149-cd7240c4099a` or later.
|
| CVE-2026-44864 |
|
SQL Injection in sqli (CVE-2026-44864)
SQL injection in sqli (CVE-2026-44864). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44854 |
|
Command Injection in arubanetworks (CVE-2026-44854)
command injection in arubanetworks (CVE-2026-44854). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44860 |
|
SQL Injection in sqli (CVE-2026-44860)
SQL injection in sqli (CVE-2026-44860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44861 |
|
SQL Injection in sqli (CVE-2026-44861)
SQL injection in sqli (CVE-2026-44861). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44862 |
|
SQL Injection in sqli (CVE-2026-44862)
SQL injection in sqli (CVE-2026-44862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44863 |
|
SQL Injection in sqli (CVE-2026-44863)
SQL injection in sqli (CVE-2026-44863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44852 |
|
Vulnerability in arubanetworks (CVE-2026-44852)
vulnerability in arubanetworks (CVE-2026-44852). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44853 |
|
Command Injection in arubanetworks (CVE-2026-44853)
command injection in arubanetworks (CVE-2026-44853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42889 |
|
Vulnerability in CVE-2026-42889 (CVE-2026-42889)
vulnerability in CVE-2026-42889 (CVE-2026-42889). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2026-42338 |
|
Cross-Site Scripting (XSS) in ip-address (CVE-2026-42338)
cross-site scripting in ip-address (CVE-2026-42338). Risk of unauthorized operations or information disclosure. Exploitable via ``AddressError.parseMessage``. Mitigation: upgrade to `10.1.1` or later.
|
| CVE-2026-34686 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
cross-site scripting in adobe (CVE-2026-34686). Confidential information can be exposed externally.
|
| CVE-2026-34653 |
|
Path Traversal in path-traversal (CVE-2026-34653)
path traversal in path-traversal (CVE-2026-34653). Confidential information can be exposed externally.
|
| CVE-2026-34655 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34655)
cross-site scripting in adobe (CVE-2026-34655). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34658 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34658)
cross-site scripting in adobe (CVE-2026-34658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34647 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34647)
SSRF in ssrf (CVE-2026-34647). Confidential information can be exposed externally.
|
| CVE-2026-23827 |
|
Vulnerability in dos (CVE-2026-23827)
vulnerability in dos (CVE-2026-23827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8429 |
|
Code Injection in CVE-2026-8429 (CVE-2026-8429)
code injection in CVE-2026-8429 (CVE-2026-8429). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8430 |
|
Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34664 |
|
Path Traversal in path-traversal (CVE-2026-34664)
path traversal in path-traversal (CVE-2026-34664). Confidential information can be exposed externally.
|
| CVE-2026-34659 |
|
Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40413 |
|
Vulnerability in microsoft (CVE-2026-40413)
vulnerability in microsoft (CVE-2026-40413). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40414 |
|
Vulnerability in microsoft (CVE-2026-40414)
vulnerability in microsoft (CVE-2026-40414). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40401 |
|
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
|
| CVE-2026-35422 |
|
Vulnerability in microsoft (CVE-2026-35422)
vulnerability in microsoft (CVE-2026-35422). Data can be tampered with by attackers.
|
| CVE-2026-35439 |
|
Unsafe Deserialization in deserialization (CVE-2026-35439)
vulnerability in deserialization (CVE-2026-35439). Successful exploitation can lead to full system takeover.
|