Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12076 |
|
SQL Injection in sqli (CVE-2026-12076)
SQL injection in sqli (CVE-2026-12076). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7406 |
|
Privilege Escalation in privilege-escalation (CVE-2025-7406)
vulnerability in privilege-escalation (CVE-2025-7406). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13149 |
|
Vulnerability in dos (CVE-2026-13149)
vulnerability in dos (CVE-2026-13149). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-14164 |
|
Vulnerability in dos (CVE-2026-14164)
vulnerability in dos (CVE-2026-14164). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11590 |
|
Vulnerability in wordpress (CVE-2026-11590)
vulnerability in wordpress (CVE-2026-11590). Confidential information can be exposed externally.
|
| CVE-2026-12240 |
|
Unsafe Deserialization in wordpress (CVE-2026-12240)
vulnerability in wordpress (CVE-2026-12240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11589 |
|
Vulnerability in wordpress (CVE-2026-11589)
vulnerability in wordpress (CVE-2026-11589). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45822 |
|
Vulnerability in dos (CVE-2026-45822)
vulnerability in dos (CVE-2026-45822). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56809 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2026-56809)
cross-site scripting in jvn (CVE-2026-56809). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12560 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12560)
cross-site scripting in wordpress (CVE-2026-12560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11367 |
|
Path Traversal in wordpress (CVE-2026-11367)
path traversal in wordpress (CVE-2026-11367). Confidential information can be exposed externally.
|
| CVE-2026-12073 |
|
Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
|
| CVE-2026-58302 |
|
Path Traversal in path-traversal (CVE-2026-58302)
path traversal in path-traversal (CVE-2026-58302). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12114 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12114)
cross-site scripting in wordpress (CVE-2026-12114). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12243 |
|
Path Traversal in path-traversal (CVE-2026-12243)
path traversal in path-traversal (CVE-2026-12243). Confidential information can be exposed externally. Exploitable via ``_UNSAFE_NO_PROTOCOL_RE``.
|
| CVE-2026-51219 |
|
Vulnerability in dos (CVE-2026-51219)
vulnerability in dos (CVE-2026-51219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-51218 |
|
Vulnerability in cpp (CVE-2026-51218)
vulnerability in cpp (CVE-2026-51218). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7656 |
|
Vulnerability in c (CVE-2026-7656)
vulnerability in c (CVE-2026-7656). Data can be tampered with by attackers.
|
| CVE-2026-10648 |
|
Vulnerability in c (CVE-2026-10648)
vulnerability in c (CVE-2026-10648). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-51221 |
|
Vulnerability in dos (CVE-2026-51221)
vulnerability in dos (CVE-2026-51221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50229 |
|
Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34597 |
|
OS Command Injection in CVE-2026-34597 (CVE-2026-34597)
OS command injection in CVE-2026-34597 (CVE-2026-34597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.470` or later.
|
| CVE-2026-34594 |
|
OS Command Injection in CVE-2026-34594 (CVE-2026-34594)
OS command injection in CVE-2026-34594 (CVE-2026-34594). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.471` or later.
|
| CVE-2026-57919 |
|
Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54889 |
|
Cross-Site Scripting (XSS) in CVE-2026-54889 (CVE-2026-54889)
cross-site scripting in CVE-2026-54889 (CVE-2026-54889). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53429 |
|
Vulnerability in dos (CVE-2026-53429)
vulnerability in dos (CVE-2026-53429). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54888 |
|
Vulnerability in c (CVE-2026-54888)
vulnerability in c (CVE-2026-54888). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56017 |
|
Out-of-Bounds Read in dos (CVE-2026-56017)
vulnerability in dos (CVE-2026-56017). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56018 |
|
Vulnerability in dos (CVE-2026-56018)
vulnerability in dos (CVE-2026-56018). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53428 |
|
Vulnerability in dos (CVE-2026-53428)
vulnerability in dos (CVE-2026-53428). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53427 |
|
Cross-Site Scripting (XSS) in CVE-2026-53427 (CVE-2026-53427)
cross-site scripting in CVE-2026-53427 (CVE-2026-53427). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57955 |
|
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
|
| CVE-2026-57950 |
|
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
|
| CVE-2026-57947 |
|
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
|
| CVE-2026-57948 |
|
Vulnerability in CVE-2026-57948 (CVE-2026-57948)
vulnerability in CVE-2026-57948 (CVE-2026-57948). Confidential information can be exposed externally.
|
| CVE-2026-57958 |
|
Cross-Site Scripting (XSS) in laravel (CVE-2026-57958)
cross-site scripting in laravel (CVE-2026-57958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36848 |
|
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
|
| CVE-2026-11720 |
|
Path Traversal in path-traversal (CVE-2026-11720)
path traversal in path-traversal (CVE-2026-11720). Confidential information can be exposed externally.
|
| CVE-2026-56782 |
|
Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56780 |
|
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
|
| CVE-2026-56285 |
|
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
|
| CVE-2026-12912 |
|
Vulnerability in dos (CVE-2026-12912)
vulnerability in dos (CVE-2026-12912). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56290 KEV |
|
[KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-57320 |
|
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
|
| CVE-2026-57326 |
|
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
|
| CVE-2026-57328 |
|
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
|
| CVE-2026-57333 |
|
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
|
| CVE-2026-57337 |
|
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
|
| CVE-2026-57336 |
|
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
|
| CVE-2026-57329 |
|
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
|