Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5028 |
|
SQL Injection in wordpress (CVE-2026-5028)
SQL injection in wordpress (CVE-2026-5028). Confidential information can be exposed externally.
|
| CVE-2026-4859 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4859)
cross-site scripting in wordpress (CVE-2026-4859). Risk of unauthorized operations or information disclosure. Exploitable via ``wpsbd_post_carousel``.
|
| CVE-2026-4920 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4920)
cross-site scripting in wordpress (CVE-2026-4920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6237 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6237)
cross-site scripting in wordpress (CVE-2026-6237). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5340 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5340)
cross-site scripting in wordpress (CVE-2026-5340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5715 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5715)
cross-site scripting in wordpress (CVE-2026-5715). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6247 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6247)
cross-site scripting in wordpress (CVE-2026-6247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2993 |
|
SQL Injection in wordpress (CVE-2026-2993)
SQL injection in wordpress (CVE-2026-2993). Confidential information can be exposed externally.
|
| CVE-2026-2300 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2300)
cross-site scripting in wordpress (CVE-2026-2300). Risk of unauthorized operations or information disclosure. Exploitable via ``preg_replace``.
|
| CVE-2026-3604 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3604)
cross-site scripting in wordpress (CVE-2026-3604). Risk of unauthorized operations or information disclosure. Exploitable via ``_kcseo_ative_tab``.
|
| CVE-2024-34577 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2024-34577)
cross-site scripting in jvn (CVE-2024-34577). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1185 |
|
Vulnerability in privilege-escalation (CVE-2026-1185)
vulnerability in privilege-escalation (CVE-2026-1185). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0802 |
|
Vulnerability in privilege-escalation (CVE-2026-0802)
vulnerability in privilege-escalation (CVE-2026-0802). Confidential information can be exposed externally.
|
| CVE-2026-0541 |
|
Vulnerability in privilege-escalation (CVE-2026-0541)
vulnerability in privilege-escalation (CVE-2026-0541). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0804 |
|
Vulnerability in path-traversal (CVE-2026-0804)
vulnerability in path-traversal (CVE-2026-0804). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7287 |
|
Vulnerability in dos (CVE-2026-7287)
vulnerability in dos (CVE-2026-7287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45430 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-45430)
vulnerability in csrf (CVE-2026-45430). Confidential information can be exposed externally.
|
| CVE-2026-40131 |
|
SQL Injection in sqli (CVE-2026-40131)
SQL injection in sqli (CVE-2026-40131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34260 |
|
SQL Injection in sqli (CVE-2026-34260)
SQL injection in sqli (CVE-2026-34260). Confidential information can be exposed externally.
|
| CVE-2026-0502 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-0502)
vulnerability in csrf (CVE-2026-0502). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27682 |
|
Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22796 |
|
Vulnerability in jvn (CVE-2026-22796)
vulnerability in jvn (CVE-2026-22796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45392 |
|
Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
|
| CVE-2026-43899 |
|
Vulnerability in CVE-2026-43899 (CVE-2026-43899)
vulnerability in CVE-2026-43899 (CVE-2026-43899). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.4-beta.1` or later.
|
| CVE-2026-43900 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
cross-site scripting in vue (CVE-2026-43900). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.4-beta.1` or later.
|
| CVE-2026-42554 |
|
Cross-Site Scripting (XSS) in github.com/gofiber/fiber/v3 (CVE-2026-42554)
cross-site scripting in github.com/gofiber/fiber/v3 (CVE-2026-42554). Risk of unauthorized operations or information disclosure. Exploitable via ``DefaultRes.AutoFormat``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-43893 |
|
Vulnerability in exiftool-vendored (CVE-2026-43893)
vulnerability in exiftool-vendored (CVE-2026-43893). Data can be tampered with by attackers. Exploitable via ``WriteTask``. Mitigation: upgrade to `35.19.0` or later.
|
| CVE-2026-43884 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43884)
SSRF in wwbn/avideo (CVE-2026-43884). Confidential information can be exposed externally. Exploitable via `POST /plugin/AI/receiveAsync.json.php`.
|
| CVE-2026-43880 |
|
Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
|
| CVE-2026-43877 |
|
Cross-Site Request Forgery (CSRF) in wwbn/avideo (CVE-2026-43877)
vulnerability in wwbn/avideo (CVE-2026-43877). Risk of unauthorized operations or information disclosure. Exploitable via ``autoCSRFGuard``.
|
| CVE-2026-43879 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43879)
SSRF in wwbn/avideo (CVE-2026-43879). Risk of unauthorized operations or information disclosure. Exploitable via `POST /internal/admin/action`.
|
| CVE-2026-42046 |
|
Vulnerability in CVE-2026-42046 (CVE-2026-42046)
vulnerability in CVE-2026-42046 (CVE-2026-42046). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42600 |
|
Path Traversal in github.com/minio/minio (CVE-2026-42600)
path traversal in github.com/minio/minio (CVE-2026-42600). Confidential information can be exposed externally. Exploitable via `POST /minio/storage/{drivePath}/v63/rmpl`. Mitigation: upgrade to `0.0.0-20260414213245` or later.
|
| CVE-2026-42564 |
|
Path Traversal in path-traversal (CVE-2026-42564)
path traversal in path-traversal (CVE-2026-42564). Confidential information can be exposed externally. Mitigation: upgrade to `1.22.0` or later.
|
| CVE-2026-42188 |
|
SSRF (Server-Side Request Forgery) in org.geysermc.geyser:core (CVE-2026-42188)
SSRF in org.geysermc.geyser:core (CVE-2026-42188). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.3` or later.
|
| CVE-2026-28983 |
|
Vulnerability in dos (CVE-2026-28983)
vulnerability in dos (CVE-2026-28983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28908 |
|
Vulnerability in dos (CVE-2026-28908)
vulnerability in dos (CVE-2026-28908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41489 |
|
Vulnerability in privilege-escalation (CVE-2026-41489)
vulnerability in privilege-escalation (CVE-2026-41489). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8321 |
|
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
|
| CVE-2026-45026 |
|
Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
cross-site scripting in CVE-2026-45026 (CVE-2026-45026). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-45025 |
|
Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
cross-site scripting in CVE-2026-45025 (CVE-2026-45025). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-42887 |
|
Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
cross-site scripting in CVE-2026-42887 (CVE-2026-42887). Confidential information can be exposed externally. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-42882 |
|
Path Traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882)
path traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882). Confidential information can be exposed externally. Exploitable via `PUT /upload/foo/drafts/../restricted/`. Mitigation: upgrade to `0.0.0-20260424211602-1320e4abd46a` or later.
|
| CVE-2026-42870 |
|
Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
cross-site scripting in CVE-2026-42870 (CVE-2026-42870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42872 |
|
Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
cross-site scripting in CVE-2026-42872 (CVE-2026-42872). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42874 |
|
Vulnerability in microdot (CVE-2026-42874)
vulnerability in microdot (CVE-2026-42874). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-2614 |
|
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
|
| CVE-2026-44657 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-43979 |
|
Cross-Site Scripting (XSS) in local-deep-research (CVE-2026-43979)
cross-site scripting in local-deep-research (CVE-2026-43979). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/start_research`. Mitigation: upgrade to `1.6.0` or later.
|
| CVE-2026-41149 |
|
Code Injection in mermaid (CVE-2026-41149)
code injection in mermaid (CVE-2026-41149). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
|