Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-12076 SQL Injection in sqli (CVE-2026-12076)
SQL injection in sqli (CVE-2026-12076). Risk of unauthorized operations or information disclosure.
CVE-2025-7406 Privilege Escalation in privilege-escalation (CVE-2025-7406)
vulnerability in privilege-escalation (CVE-2025-7406). Successful exploitation can lead to full system takeover.
CVE-2026-13149 Vulnerability in dos (CVE-2026-13149)
vulnerability in dos (CVE-2026-13149). Risk of unauthorized operations or information disclosure.
CVE-2026-14164 Vulnerability in dos (CVE-2026-14164)
vulnerability in dos (CVE-2026-14164). Risk of unauthorized operations or information disclosure.
CVE-2026-11590 Vulnerability in wordpress (CVE-2026-11590)
vulnerability in wordpress (CVE-2026-11590). Confidential information can be exposed externally.
CVE-2026-12240 Unsafe Deserialization in wordpress (CVE-2026-12240)
vulnerability in wordpress (CVE-2026-12240). Successful exploitation can lead to full system takeover.
CVE-2026-11589 Vulnerability in wordpress (CVE-2026-11589)
vulnerability in wordpress (CVE-2026-11589). Successful exploitation can lead to full system takeover.
CVE-2026-45822 Vulnerability in dos (CVE-2026-45822)
vulnerability in dos (CVE-2026-45822). Risk of unauthorized operations or information disclosure.
CVE-2026-56809 Cross-Site Scripting (XSS) in jvn (CVE-2026-56809)
cross-site scripting in jvn (CVE-2026-56809). Risk of unauthorized operations or information disclosure.
CVE-2026-12560 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12560)
cross-site scripting in wordpress (CVE-2026-12560). Risk of unauthorized operations or information disclosure.
CVE-2026-11367 Path Traversal in wordpress (CVE-2026-11367)
path traversal in wordpress (CVE-2026-11367). Confidential information can be exposed externally.
CVE-2026-12073 Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
CVE-2026-58302 Path Traversal in path-traversal (CVE-2026-58302)
path traversal in path-traversal (CVE-2026-58302). Successful exploitation can lead to full system takeover.
CVE-2026-12114 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12114)
cross-site scripting in wordpress (CVE-2026-12114). Risk of unauthorized operations or information disclosure.
CVE-2026-12243 Path Traversal in path-traversal (CVE-2026-12243)
path traversal in path-traversal (CVE-2026-12243). Confidential information can be exposed externally. Exploitable via ``_UNSAFE_NO_PROTOCOL_RE``.
CVE-2026-51219 Vulnerability in dos (CVE-2026-51219)
vulnerability in dos (CVE-2026-51219). Risk of unauthorized operations or information disclosure.
CVE-2026-51218 Vulnerability in cpp (CVE-2026-51218)
vulnerability in cpp (CVE-2026-51218). Risk of unauthorized operations or information disclosure.
CVE-2026-7656 Vulnerability in c (CVE-2026-7656)
vulnerability in c (CVE-2026-7656). Data can be tampered with by attackers.
CVE-2026-10648 Vulnerability in c (CVE-2026-10648)
vulnerability in c (CVE-2026-10648). Risk of unauthorized operations or information disclosure.
CVE-2026-51221 Vulnerability in dos (CVE-2026-51221)
vulnerability in dos (CVE-2026-51221). Risk of unauthorized operations or information disclosure.
CVE-2026-50229 Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
CVE-2026-34597 OS Command Injection in CVE-2026-34597 (CVE-2026-34597)
OS command injection in CVE-2026-34597 (CVE-2026-34597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.470` or later.
CVE-2026-34594 OS Command Injection in CVE-2026-34594 (CVE-2026-34594)
OS command injection in CVE-2026-34594 (CVE-2026-34594). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.471` or later.
CVE-2026-57919 Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
CVE-2026-54889 Cross-Site Scripting (XSS) in CVE-2026-54889 (CVE-2026-54889)
cross-site scripting in CVE-2026-54889 (CVE-2026-54889). Risk of unauthorized operations or information disclosure.
CVE-2026-53429 Vulnerability in dos (CVE-2026-53429)
vulnerability in dos (CVE-2026-53429). Risk of unauthorized operations or information disclosure.
CVE-2026-54888 Vulnerability in c (CVE-2026-54888)
vulnerability in c (CVE-2026-54888). Risk of unauthorized operations or information disclosure.
CVE-2026-56017 Out-of-Bounds Read in dos (CVE-2026-56017)
vulnerability in dos (CVE-2026-56017). Risk of unauthorized operations or information disclosure.
CVE-2026-56018 Vulnerability in dos (CVE-2026-56018)
vulnerability in dos (CVE-2026-56018). Risk of unauthorized operations or information disclosure.
CVE-2026-53428 Vulnerability in dos (CVE-2026-53428)
vulnerability in dos (CVE-2026-53428). Risk of unauthorized operations or information disclosure.
CVE-2026-53427 Cross-Site Scripting (XSS) in CVE-2026-53427 (CVE-2026-53427)
cross-site scripting in CVE-2026-53427 (CVE-2026-53427). Risk of unauthorized operations or information disclosure.
CVE-2026-57955 SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
CVE-2026-57950 ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
CVE-2026-57948 Vulnerability in CVE-2026-57948 (CVE-2026-57948)
vulnerability in CVE-2026-57948 (CVE-2026-57948). Confidential information can be exposed externally.
CVE-2026-57958 Cross-Site Scripting (XSS) in laravel (CVE-2026-57958)
cross-site scripting in laravel (CVE-2026-57958). Risk of unauthorized operations or information disclosure.
CVE-2026-36848 Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
CVE-2026-11720 Path Traversal in path-traversal (CVE-2026-11720)
path traversal in path-traversal (CVE-2026-11720). Confidential information can be exposed externally.
CVE-2026-56782 Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
CVE-2026-56780 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-12912 Vulnerability in dos (CVE-2026-12912)
vulnerability in dos (CVE-2026-12912). Successful exploitation can lead to full system takeover.
CVE-2026-56290 KEV [KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-57320 Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
CVE-2026-57326 Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
CVE-2026-57328 Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
CVE-2026-57333 Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
CVE-2026-57336 Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
CVE-2026-57329 Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →