Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
CVE-2023-45796 Cross-Site Scripting (XSS) in CVE-2023-45796 (CVE-2023-45796)
cross-site scripting in CVE-2023-45796 (CVE-2023-45796). Data can be tampered with by attackers.
CVE-2023-45795 Cross-Site Scripting (XSS) in CVE-2023-45795 (CVE-2023-45795)
cross-site scripting in CVE-2023-45795 (CVE-2023-45795). Successful exploitation can lead to full system takeover.
CVE-2026-4259 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
CVE-2026-6858 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
CVE-2025-66336 SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
CVE-2026-56382 Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
CVE-2026-56239 Privilege Escalation in privilege-escalation (CVE-2026-56239)
vulnerability in privilege-escalation (CVE-2026-56239). Data can be tampered with by attackers.
CVE-2025-71348 Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
CVE-2026-12775 Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
CVE-2026-56340 Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2026-11911 Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
CVE-2026-9843 Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
CVE-2026-56082 Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
CVE-2026-32208 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
CVE-2026-9375 Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
CVE-2026-54074 Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
CVE-2026-54592 Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54297 Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
CVE-2026-23879 Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
CVE-2026-49339 Path Traversal in go.senan.xyz/gonic (CVE-2026-49339)
path traversal in go.senan.xyz/gonic (CVE-2026-49339). Data can be tampered with by attackers. Exploitable via ``playlist.UserID``. Mitigation: upgrade to `0.21.0` or later.
CVE-2026-49293 Vulnerability in js-toml (CVE-2026-49293)
vulnerability in js-toml (CVE-2026-49293). Risk of unauthorized operations or information disclosure. Exploitable via ``parseBigInt``. Mitigation: upgrade to `1.1.1` or later.
CVE-2019-25758 Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
CVE-2019-25759 SQL Injection in sqli (CVE-2019-25759)
SQL injection in sqli (CVE-2019-25759). Confidential information can be exposed externally.
CVE-2019-25761 SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
CVE-2026-56208 Vulnerability in dos (CVE-2026-56208)
vulnerability in dos (CVE-2026-56208). Risk of unauthorized operations or information disclosure.
CVE-2019-25749 SQL Injection in sqli (CVE-2019-25749)
SQL injection in sqli (CVE-2019-25749). Confidential information can be exposed externally.
CVE-2019-25755 SQL Injection in sqli (CVE-2019-25755)
SQL injection in sqli (CVE-2019-25755). Confidential information can be exposed externally.
CVE-2019-25754 SQL Injection in sqli (CVE-2019-25754)
SQL injection in sqli (CVE-2019-25754). Confidential information can be exposed externally.
CVE-2019-25757 SQL Injection in sqli (CVE-2019-25757)
SQL injection in sqli (CVE-2019-25757). Confidential information can be exposed externally.
CVE-2019-25751 SQL Injection in sqli (CVE-2019-25751)
SQL injection in sqli (CVE-2019-25751). Confidential information can be exposed externally.
CVE-2026-56210 Out-of-Bounds Read in dos (CVE-2026-56210)
vulnerability in dos (CVE-2026-56210). Risk of unauthorized operations or information disclosure.
CVE-2026-56209 Out-of-Bounds Write in dos (CVE-2026-56209)
out-of-bounds write in dos (CVE-2026-56209). Risk of unauthorized operations or information disclosure.
CVE-2019-25750 SQL Injection in sqli (CVE-2019-25750)
SQL injection in sqli (CVE-2019-25750). Confidential information can be exposed externally.
CVE-2019-25753 SQL Injection in sqli (CVE-2019-25753)
SQL injection in sqli (CVE-2019-25753). Confidential information can be exposed externally.
CVE-2026-56211 Out-of-Bounds Write in CVE-2026-56211 (CVE-2026-56211)
out-of-bounds write in CVE-2026-56211 (CVE-2026-56211). Data can be tampered with by attackers.
CVE-2019-25752 SQL Injection in sqli (CVE-2019-25752)
SQL injection in sqli (CVE-2019-25752). Confidential information can be exposed externally.
CVE-2019-25756 SQL Injection in sqli (CVE-2019-25756)
SQL injection in sqli (CVE-2019-25756). Confidential information can be exposed externally.
CVE-2017-20278 SQL Injection in sqli (CVE-2017-20278)
SQL injection in sqli (CVE-2017-20278). Confidential information can be exposed externally.
CVE-2017-20281 SQL Injection in sqli (CVE-2017-20281)
SQL injection in sqli (CVE-2017-20281). Confidential information can be exposed externally.
CVE-2017-20282 SQL Injection in sqli (CVE-2017-20282)
SQL injection in sqli (CVE-2017-20282). Confidential information can be exposed externally.
CVE-2017-20270 SQL Injection in sqli (CVE-2017-20270)
SQL injection in sqli (CVE-2017-20270). Confidential information can be exposed externally.
CVE-2017-20271 SQL Injection in sqli (CVE-2017-20271)
SQL injection in sqli (CVE-2017-20271). Confidential information can be exposed externally.
CVE-2019-25748 SQL Injection in sqli (CVE-2019-25748)
SQL injection in sqli (CVE-2019-25748). Confidential information can be exposed externally.
CVE-2017-20272 SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
CVE-2017-20280 SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
CVE-2017-20273 SQL Injection in sqli (CVE-2017-20273)
SQL injection in sqli (CVE-2017-20273). Confidential information can be exposed externally.
CVE-2017-20276 SQL Injection in sqli (CVE-2017-20276)
SQL injection in sqli (CVE-2017-20276). Confidential information can be exposed externally.
CVE-2017-20277 SQL Injection in sqli (CVE-2017-20277)
SQL injection in sqli (CVE-2017-20277). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →