Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-6828 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
cross-site scripting in wordpress (CVE-2026-6828). Risk of unauthorized operations or information disclosure.
CVE-2025-9989 Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
cross-site scripting in wordpress (CVE-2025-9989). Risk of unauthorized operations or information disclosure.
CVE-2026-6888 SQL Injection in sqli (CVE-2026-6888)
SQL injection in sqli (CVE-2026-6888). Successful exploitation can lead to full system takeover.
CVE-2025-62624 Vulnerability in privilege-escalation (CVE-2025-62624)
vulnerability in privilege-escalation (CVE-2025-62624). Risk of unauthorized operations or information disclosure.
CVE-2025-62623 Buffer Overflow in privilege-escalation (CVE-2025-62623)
vulnerability in privilege-escalation (CVE-2025-62623). Risk of unauthorized operations or information disclosure.
CVE-2026-45028 Vulnerability in astro (CVE-2026-45028)
vulnerability in astro (CVE-2026-45028). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.10` or later.
CVE-2026-42288 Code Injection in CVE-2026-42288 (CVE-2026-42288)
code injection in CVE-2026-42288 (CVE-2026-42288). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-43680 Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
CVE-2026-43685 OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
CVE-2026-42289 Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-42157 Cross-Site Scripting (XSS) in CVE-2026-42157 (CVE-2026-42157)
cross-site scripting in CVE-2026-42157 (CVE-2026-42157). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-1250 SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
CVE-2026-44652 SSRF (Server-Side Request Forgery) in sillytavern (CVE-2026-44652)
SSRF in sillytavern (CVE-2026-44652). Risk of unauthorized operations or information disclosure. Exploitable via `GET /proxy/`. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-8449 Out-of-Bounds Read in privilege-escalation (CVE-2026-8449)
vulnerability in privilege-escalation (CVE-2026-8449). Successful exploitation can lead to full system takeover.
CVE-2026-45225 Path Traversal in path-traversal (CVE-2026-45225)
path traversal in path-traversal (CVE-2026-45225). Data can be tampered with by attackers.
CVE-2026-44307 Path Traversal in Mako (CVE-2026-44307)
path traversal in Mako (CVE-2026-44307). Risk of unauthorized operations or information disclosure. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.12` or later.
CVE-2026-44296 Vulnerability in dos (CVE-2026-44296)
vulnerability in dos (CVE-2026-44296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.0.167` or later.
CVE-2026-44258 OS Command Injection in path-traversal (CVE-2026-44258)
OS command injection in path-traversal (CVE-2026-44258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
CVE-2026-42854 Vulnerability in espressif (CVE-2026-42854)
vulnerability in espressif (CVE-2026-42854). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.8` or later.
CVE-2026-42196 Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
CVE-2026-41195 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41195)
SSRF in ssrf (CVE-2026-41195). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.13` or later.
CVE-2026-40863 Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-44403 Code Injection in wftpserver (CVE-2026-44403)
code injection in wftpserver (CVE-2026-44403). Successful exploitation can lead to full system takeover.
CVE-2026-44232 Vulnerability in dssrf (CVE-2026-44232)
vulnerability in dssrf (CVE-2026-44232). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-7474 Path Traversal in github.com/hashicorp/nomad (CVE-2026-7474)
path traversal in github.com/hashicorp/nomad (CVE-2026-7474). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.11.0-rc.1.0.20260511152149-cd7240c4099a` or later.
CVE-2026-44864 SQL Injection in sqli (CVE-2026-44864)
SQL injection in sqli (CVE-2026-44864). Successful exploitation can lead to full system takeover.
CVE-2026-44854 Command Injection in arubanetworks (CVE-2026-44854)
command injection in arubanetworks (CVE-2026-44854). Successful exploitation can lead to full system takeover.
CVE-2026-44860 SQL Injection in sqli (CVE-2026-44860)
SQL injection in sqli (CVE-2026-44860). Successful exploitation can lead to full system takeover.
CVE-2026-44861 SQL Injection in sqli (CVE-2026-44861)
SQL injection in sqli (CVE-2026-44861). Successful exploitation can lead to full system takeover.
CVE-2026-44862 SQL Injection in sqli (CVE-2026-44862)
SQL injection in sqli (CVE-2026-44862). Successful exploitation can lead to full system takeover.
CVE-2026-44863 SQL Injection in sqli (CVE-2026-44863)
SQL injection in sqli (CVE-2026-44863). Successful exploitation can lead to full system takeover.
CVE-2026-44852 Vulnerability in arubanetworks (CVE-2026-44852)
vulnerability in arubanetworks (CVE-2026-44852). Successful exploitation can lead to full system takeover.
CVE-2026-44853 Command Injection in arubanetworks (CVE-2026-44853)
command injection in arubanetworks (CVE-2026-44853). Successful exploitation can lead to full system takeover.
CVE-2026-42889 Vulnerability in CVE-2026-42889 (CVE-2026-42889)
vulnerability in CVE-2026-42889 (CVE-2026-42889). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.7` or later.
CVE-2026-42338 Cross-Site Scripting (XSS) in ip-address (CVE-2026-42338)
cross-site scripting in ip-address (CVE-2026-42338). Risk of unauthorized operations or information disclosure. Exploitable via ``AddressError.parseMessage``. Mitigation: upgrade to `10.1.1` or later.
CVE-2026-34686 Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
cross-site scripting in adobe (CVE-2026-34686). Confidential information can be exposed externally.
CVE-2026-34653 Path Traversal in path-traversal (CVE-2026-34653)
path traversal in path-traversal (CVE-2026-34653). Confidential information can be exposed externally.
CVE-2026-34655 Cross-Site Scripting (XSS) in adobe (CVE-2026-34655)
cross-site scripting in adobe (CVE-2026-34655). Risk of unauthorized operations or information disclosure.
CVE-2026-34658 Cross-Site Scripting (XSS) in adobe (CVE-2026-34658)
cross-site scripting in adobe (CVE-2026-34658). Risk of unauthorized operations or information disclosure.
CVE-2026-34647 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34647)
SSRF in ssrf (CVE-2026-34647). Confidential information can be exposed externally.
CVE-2026-23827 Vulnerability in dos (CVE-2026-23827)
vulnerability in dos (CVE-2026-23827). Risk of unauthorized operations or information disclosure.
CVE-2026-8429 Code Injection in CVE-2026-8429 (CVE-2026-8429)
code injection in CVE-2026-8429 (CVE-2026-8429). Successful exploitation can lead to full system takeover.
CVE-2026-8430 Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
CVE-2026-34664 Path Traversal in path-traversal (CVE-2026-34664)
path traversal in path-traversal (CVE-2026-34664). Confidential information can be exposed externally.
CVE-2026-34659 Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
CVE-2026-40413 Vulnerability in microsoft (CVE-2026-40413)
vulnerability in microsoft (CVE-2026-40413). Risk of unauthorized operations or information disclosure.
CVE-2026-40414 Vulnerability in microsoft (CVE-2026-40414)
vulnerability in microsoft (CVE-2026-40414). Risk of unauthorized operations or information disclosure.
CVE-2026-40401 Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-35422 Vulnerability in microsoft (CVE-2026-35422)
vulnerability in microsoft (CVE-2026-35422). Data can be tampered with by attackers.
CVE-2026-35439 Unsafe Deserialization in deserialization (CVE-2026-35439)
vulnerability in deserialization (CVE-2026-35439). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →