Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57880 |
|
Vulnerability in dos (CVE-2026-57880)
vulnerability in dos (CVE-2026-57880). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40702 |
|
Vulnerability in cisa (CVE-2026-40702)
vulnerability in cisa (CVE-2026-40702). Confidential information can be exposed externally.
|
| CVE-2025-71338 |
|
Vulnerability in path-traversal (CVE-2025-71338)
vulnerability in path-traversal (CVE-2025-71338). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71336 |
|
OS Command Injection in flowiseai (CVE-2025-71336)
OS command injection in flowiseai (CVE-2025-71336). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71334 |
|
Vulnerability in flowiseai (CVE-2025-71334)
vulnerability in flowiseai (CVE-2025-71334). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71327 |
|
Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
|
| CVE-2025-71333 |
|
Vulnerability in path-traversal (CVE-2025-71333)
vulnerability in path-traversal (CVE-2025-71333). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56786 |
|
Out-of-Bounds Write in dos (CVE-2026-56786)
out-of-bounds write in dos (CVE-2026-56786). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50548 |
|
Path Traversal in anysphere (CVE-2026-50548)
path traversal in anysphere (CVE-2026-50548). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-50549 |
|
Vulnerability in anysphere (CVE-2026-50549)
vulnerability in anysphere (CVE-2026-50549). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-54849 |
|
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
|
| CVE-2026-54843 |
|
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
|
| CVE-2026-54836 |
|
SQL Injection in sqli (CVE-2026-54836)
SQL injection in sqli (CVE-2026-54836). Confidential information can be exposed externally.
|
| CVE-2026-41120 |
|
Vulnerability in dell (CVE-2026-41120)
vulnerability in dell (CVE-2026-41120). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54823 |
|
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
|
| CVE-2026-39955 |
|
SQL Injection in sqli (CVE-2026-39955)
SQL injection in sqli (CVE-2026-39955). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55454 |
|
Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-55570 |
|
Cross-Site Scripting (XSS) in CVE-2026-55570 (CVE-2026-55570)
cross-site scripting in CVE-2026-55570 (CVE-2026-55570). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54067 |
|
Cross-Site Scripting (XSS) in CVE-2026-54067 (CVE-2026-54067)
cross-site scripting in CVE-2026-54067 (CVE-2026-54067). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54158 |
|
Cross-Site Scripting (XSS) in CVE-2026-54158 (CVE-2026-54158)
cross-site scripting in CVE-2026-54158 (CVE-2026-54158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-50551 |
|
Cross-Site Scripting (XSS) in CVE-2026-50551 (CVE-2026-50551)
cross-site scripting in CVE-2026-50551 (CVE-2026-50551). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-39893 |
|
SQL Injection in sqli (CVE-2026-39893)
SQL injection in sqli (CVE-2026-39893). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56121 |
|
Unsafe Deserialization in deserialization (CVE-2026-56121)
vulnerability in deserialization (CVE-2026-56121). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56111 |
|
Vulnerability in c (CVE-2026-56111)
vulnerability in c (CVE-2026-56111). Data can be tampered with by attackers.
|
| CVE-2026-52914 |
|
Out-of-Bounds Write in dos (CVE-2026-52914)
out-of-bounds write in dos (CVE-2026-52914). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12417 |
|
Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
|
| CVE-2026-53662 |
|
Cross-Site Scripting (XSS) in CVE-2026-53662 (CVE-2026-53662)
cross-site scripting in CVE-2026-53662 (CVE-2026-53662). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54350 |
|
SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
|
| CVE-2026-52813 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52813)
vulnerability in gogs.io/gogs (CVE-2026-52813). Successful exploitation can lead to full system takeover. Exploitable via ``hooks``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52806 |
|
Command Injection in gogs.io/gogs (CVE-2026-52806)
command injection in gogs.io/gogs (CVE-2026-52806). Successful exploitation can lead to full system takeover. Exploitable via ``b53d3162``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56315 |
|
Vulnerability in CVE-2026-56315 (CVE-2026-56315)
vulnerability in CVE-2026-56315 (CVE-2026-56315). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9733 |
|
Vulnerability in csrf (CVE-2026-9733)
vulnerability in csrf (CVE-2026-9733). Confidential information can be exposed externally.
|
| CVE-2025-67038 KEV |
|
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
|
| CVE-2026-10561 |
|
Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56395 |
|
Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
cross-site scripting in CVE-2026-56395 (CVE-2026-56395). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56397 |
|
Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
cross-site scripting in CVE-2026-56397 (CVE-2026-56397). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56265 |
|
Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5366 |
|
Code Injection in prefect (CVE-2026-5366)
code injection in prefect (CVE-2026-5366). Successful exploitation can lead to full system takeover. Exploitable via ``GitRepository``.
|
| CVE-2024-58351 |
|
Code Injection in dos (CVE-2024-58351)
code injection in dos (CVE-2024-58351). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11551 |
|
Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56073 |
|
Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
|
| CVE-2026-49871 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
|
| CVE-2026-49230 |
|
Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
|
| CVE-2026-39999 |
|
Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
|
| CVE-2026-48137 |
|
Vulnerability in ni (CVE-2026-48137)
vulnerability in ni (CVE-2026-48137). Confidential information can be exposed externally.
|
| CVE-2026-56142 |
|
Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50242 |
|
Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8713 |
|
Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
|