Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56024 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-56024)
vulnerability in csrf (CVE-2026-56024). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38718 |
|
Vulnerability in dos (CVE-2026-38718)
vulnerability in dos (CVE-2026-38718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11982 |
|
Cross-Site Scripting (XSS) in CVE-2026-11982 (CVE-2026-11982)
cross-site scripting in CVE-2026-11982 (CVE-2026-11982). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48986 |
|
Vulnerability in dos (CVE-2026-48986)
vulnerability in dos (CVE-2026-48986). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58399 |
|
Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2025-32392 |
|
Vulnerability in dos (CVE-2025-32392)
vulnerability in dos (CVE-2025-32392). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-32422 |
|
Vulnerability in dos (CVE-2025-32422)
vulnerability in dos (CVE-2025-32422). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32424 |
|
Vulnerability in dos (CVE-2025-32424)
vulnerability in dos (CVE-2025-32424). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32436 |
|
Vulnerability in dos (CVE-2025-32436)
vulnerability in dos (CVE-2025-32436). Risk of unauthorized operations or information disclosure. Exploitable via ``AddAudioToVideoBlock``.
|
| CVE-2025-32437 |
|
Vulnerability in dos (CVE-2025-32437)
vulnerability in dos (CVE-2025-32437). Risk of unauthorized operations or information disclosure. Exploitable via ``MediaDurationBlock``.
|
| CVE-2026-8806 |
|
Vulnerability in cisa (CVE-2026-8806)
vulnerability in cisa (CVE-2026-8806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11791 |
|
Use-After-Free in dos (CVE-2026-11791)
vulnerability in dos (CVE-2026-11791). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8024 |
|
Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56012 |
|
SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40457 |
|
Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54221 |
|
Cross-Site Scripting (XSS) in CVE-2026-54221 (CVE-2026-54221)
cross-site scripting in CVE-2026-54221 (CVE-2026-54221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56009 |
|
Cross-Site Scripting (XSS) in CVE-2026-56009 (CVE-2026-56009)
cross-site scripting in CVE-2026-56009 (CVE-2026-56009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54219 |
|
Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56007 |
|
Cross-Site Scripting (XSS) in CVE-2026-56007 (CVE-2026-56007)
cross-site scripting in CVE-2026-56007 (CVE-2026-56007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54220 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-54220)
vulnerability in csrf (CVE-2026-54220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54222 |
|
SQL Injection in sqli (CVE-2026-54222)
SQL injection in sqli (CVE-2026-54222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40455 |
|
SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54419 |
|
SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44942 |
|
Vulnerability in path-traversal (CVE-2026-44942)
vulnerability in path-traversal (CVE-2026-44942). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54223 |
|
Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54224 |
|
Vulnerability in dos (CVE-2026-54224)
vulnerability in dos (CVE-2026-54224). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8039 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8039)
cross-site scripting in wordpress (CVE-2026-8039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2021 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2021)
cross-site scripting in wordpress (CVE-2026-2021). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11718 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-11717 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-44727 |
|
Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-12568 |
|
Path Traversal in bbot (CVE-2026-12568)
path traversal in bbot (CVE-2026-12568). Data can be tampered with by attackers. Exploitable via ``postman_download``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-12565 |
|
Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-11958 |
|
Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55661 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55661)
cross-site scripting in tinacms (CVE-2026-55661). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-55886 |
|
Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12098 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12137 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12136 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28573 |
|
Vulnerability in dos (CVE-2026-28573)
vulnerability in dos (CVE-2026-28573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|