Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-31221 Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
CVE-2026-31222 Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
CVE-2026-31223 Unsafe Deserialization in snorkel (CVE-2026-31223)
vulnerability in snorkel (CVE-2026-31223). Successful exploitation can lead to full system takeover.
CVE-2026-31224 Unsafe Deserialization in snorkel (CVE-2026-31224)
vulnerability in snorkel (CVE-2026-31224). Successful exploitation can lead to full system takeover.
CVE-2026-31214 Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
CVE-2026-31218 Unsafe Deserialization in deserialization (CVE-2026-31218)
vulnerability in deserialization (CVE-2026-31218). Successful exploitation can lead to full system takeover.
CVE-2026-31219 Unsafe Deserialization in deserialization (CVE-2026-31219)
vulnerability in deserialization (CVE-2026-31219). Successful exploitation can lead to full system takeover.
CVE-2026-31220 Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
CVE-2026-31216 Vulnerability in dos (CVE-2026-31216)
vulnerability in dos (CVE-2026-31216). Data can be tampered with by attackers. Exploitable via `DELETE /storage/{object_name`.
CVE-2026-31215 Vulnerability in dos (CVE-2026-31215)
vulnerability in dos (CVE-2026-31215). Data can be tampered with by attackers. Exploitable via `DELETE /{index_name}/documents`.
CVE-2026-30810 SSRF (Server-Side Request Forgery) in privilege-escalation (CVE-2026-30810)
SSRF in privilege-escalation (CVE-2026-30810). Successful exploitation can lead to full system takeover.
CVE-2026-30805 Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
CVE-2026-42073 Cross-Site Request Forgery (CSRF) in @gitlawb/openclaude (CVE-2026-42073)
vulnerability in @gitlawb/openclaude (CVE-2026-42073). Risk of unauthorized operations or information disclosure. Exploitable via ``error``. Mitigation: upgrade to `0.5.1` or later.
CVE-2026-8111 SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
CVE-2026-8051 OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
CVE-2026-42260 SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
SSRF in open-websearch (CVE-2026-42260). Confidential information can be exposed externally. Exploitable via `GET /internal`. Mitigation: upgrade to `2.1.7` or later.
CVE-2026-32687 SQL Injection in postgrex (CVE-2026-32687)
SQL injection in postgrex (CVE-2026-32687). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.2` or later.
CVE-2025-70842 Cross-Site Scripting (XSS) in CVE-2025-70842 (CVE-2025-70842)
cross-site scripting in CVE-2025-70842 (CVE-2025-70842). Risk of unauthorized operations or information disclosure.
CVE-2026-45090 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090). Risk of unauthorized operations or information disclosure. Exploitable via ``ParameterAnalysis``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-45089 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089). Data can be tampered with by attackers. Exploitable via ``output``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-45088 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088). Confidential information can be exposed externally. Exploitable via ``model.Options``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-45087 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087). Successful exploitation can lead to full system takeover. Exploitable via `POST /scan`. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-6865 Path Traversal in path-traversal (CVE-2026-6865)
path traversal in path-traversal (CVE-2026-6865). Risk of unauthorized operations or information disclosure.
CVE-2026-45218 SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
CVE-2026-42741 SQL Injection in sqli (CVE-2026-42741)
SQL injection in sqli (CVE-2026-42741). Confidential information can be exposed externally.
CVE-2026-42742 SQL Injection in sqli (CVE-2026-42742)
SQL injection in sqli (CVE-2026-42742). Confidential information can be exposed externally.
CVE-2026-45211 SQL Injection in sqli (CVE-2026-45211)
SQL injection in sqli (CVE-2026-45211). Confidential information can be exposed externally.
CVE-2026-45213 SQL Injection in sqli (CVE-2026-45213)
SQL injection in sqli (CVE-2026-45213). Confidential information can be exposed externally.
CVE-2026-45214 SQL Injection in sqli (CVE-2026-45214)
SQL injection in sqli (CVE-2026-45214). Confidential information can be exposed externally.
CVE-2026-2465 Authorization Flaw in privilege-escalation (CVE-2026-2465)
vulnerability in privilege-escalation (CVE-2026-2465). Successful exploitation can lead to full system takeover.
CVE-2026-8162 Vulnerability in multiparty (CVE-2026-8162)
vulnerability in multiparty (CVE-2026-8162). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeURI``. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-8161 Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-8159 Vulnerability in multiparty (CVE-2026-8159)
vulnerability in multiparty (CVE-2026-8159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-8072 Vulnerability in privilege-escalation (CVE-2026-8072)
vulnerability in privilege-escalation (CVE-2026-8072). Risk of unauthorized operations or information disclosure.
CVE-2026-6800 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6800)
cross-site scripting in wordpress (CVE-2026-6800). Risk of unauthorized operations or information disclosure.
CVE-2026-6813 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6813)
cross-site scripting in wordpress (CVE-2026-6813). Risk of unauthorized operations or information disclosure.
CVE-2026-5029 Vulnerability in CVE-2026-5029 (CVE-2026-5029)
vulnerability in CVE-2026-5029 (CVE-2026-5029). Risk of unauthorized operations or information disclosure.
CVE-2026-41125 SQL Injection in sqli (CVE-2026-41125)
SQL injection in sqli (CVE-2026-41125). Data can be tampered with by attackers.
CVE-2026-41551 Vulnerability in path-traversal (CVE-2026-41551)
vulnerability in path-traversal (CVE-2026-41551). Confidential information can be exposed externally.
CVE-2025-40947 OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
CVE-2025-6577 SQL Injection in sqli (CVE-2025-6577)
SQL injection in sqli (CVE-2025-6577). Successful exploitation can lead to full system takeover.
CVE-2025-40833 Vulnerability in dos (CVE-2025-40833)
vulnerability in dos (CVE-2025-40833). Risk of unauthorized operations or information disclosure.
CVE-2026-7661 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7661)
cross-site scripting in wordpress (CVE-2026-7661). Risk of unauthorized operations or information disclosure. Exploitable via ``box``.
CVE-2026-6256 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6256)
cross-site scripting in wordpress (CVE-2026-6256). Risk of unauthorized operations or information disclosure.
CVE-2026-6690 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)
cross-site scripting in wordpress (CVE-2026-6690). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_lp_update_mds``.
CVE-2026-7437 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7437)
cross-site scripting in wordpress (CVE-2026-7437). Risk of unauthorized operations or information disclosure. Exploitable via ``editpos_hidden``.
CVE-2026-6808 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6808)
cross-site scripting in wordpress (CVE-2026-6808). Risk of unauthorized operations or information disclosure.
CVE-2026-7464 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7464)
cross-site scripting in wordpress (CVE-2026-7464). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
CVE-2026-7659 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7659)
cross-site scripting in wordpress (CVE-2026-7659). Risk of unauthorized operations or information disclosure. Exploitable via ``social``.
CVE-2026-6913 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6913)
cross-site scripting in wordpress (CVE-2026-6913). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →