Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-2414 |
|
Vulnerability in CVE-2025-2414 (CVE-2025-2414)
vulnerability in CVE-2025-2414 (CVE-2025-2414). Confidential information can be exposed externally.
|
| CVE-2026-9197 |
|
Path Traversal in wordpress (CVE-2026-9197)
path traversal in wordpress (CVE-2026-9197). Confidential information can be exposed externally.
|
| CVE-2026-8978 |
|
SQL Injection in wordpress (CVE-2026-8978)
SQL injection in wordpress (CVE-2026-8978). Confidential information can be exposed externally.
|
| CVE-2026-9280 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9280)
cross-site scripting in wordpress (CVE-2026-9280). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8991 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8991)
cross-site scripting in wordpress (CVE-2026-8991). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7796 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7796)
cross-site scripting in wordpress (CVE-2026-7796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7795 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
cross-site scripting in wordpress (CVE-2026-7795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7566 |
|
Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7565 |
|
Path Traversal in wordpress (CVE-2026-7565)
path traversal in wordpress (CVE-2026-7565). Confidential information can be exposed externally.
|
| CVE-2026-7537 |
|
Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2500 |
|
Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
|
| CVE-2026-9281 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8901 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8438 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8900 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8893 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6448 |
|
SQL Injection in wordpress (CVE-2026-6448)
SQL injection in wordpress (CVE-2026-6448). Confidential information can be exposed externally.
|
| CVE-2026-6240 |
|
Vulnerability in dos (CVE-2026-6240)
vulnerability in dos (CVE-2026-6240). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6241 |
|
Vulnerability in dos (CVE-2026-6241)
vulnerability in dos (CVE-2026-6241). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6239 |
|
Vulnerability in dos (CVE-2026-6239)
vulnerability in dos (CVE-2026-6239). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7654 |
|
Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
|
| CVE-2026-11429 |
|
Path Traversal in path-traversal (CVE-2026-11429)
path traversal in path-traversal (CVE-2026-11429). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
|
| CVE-2026-11431 |
|
Path Traversal in path-traversal (CVE-2026-11431)
path traversal in path-traversal (CVE-2026-11431). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
|
| CVE-2026-11416 |
|
Path Traversal in path-traversal (CVE-2026-11416)
path traversal in path-traversal (CVE-2026-11416). Data can be tampered with by attackers.
|
| CVE-2026-11424 |
|
Information Disclosure in ssrf (CVE-2026-11424)
vulnerability in ssrf (CVE-2026-11424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
|
| CVE-2026-11423 |
|
Path Traversal in path-traversal (CVE-2026-11423)
path traversal in path-traversal (CVE-2026-11423). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36785 |
|
Vulnerability in dos (CVE-2026-36785)
vulnerability in dos (CVE-2026-36785). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11400 |
|
CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
|
| CVE-2026-46400 |
|
Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45779 |
|
SQL Injection in sqli (CVE-2026-45779)
SQL injection in sqli (CVE-2026-45779). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25624 |
|
Cross-Site Scripting (XSS) in arista (CVE-2026-25624)
cross-site scripting in arista (CVE-2026-25624). Confidential information can be exposed externally.
|
| CVE-2026-11419 |
|
Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11420 |
|
Path Traversal in path-traversal (CVE-2026-11420)
path traversal in path-traversal (CVE-2026-11420). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11414 |
|
Path Traversal in path-traversal (CVE-2026-11414)
path traversal in path-traversal (CVE-2026-11414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11401 |
|
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-46394 |
|
OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10580 |
|
Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45746 |
|
Vulnerability in termix (CVE-2026-45746)
vulnerability in termix (CVE-2026-45746). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36500 |
|
Path Traversal in path-traversal (CVE-2026-36500)
path traversal in path-traversal (CVE-2026-36500). Confidential information can be exposed externally.
|
| CVE-2026-36501 |
|
Vulnerability in dos (CVE-2026-36501)
vulnerability in dos (CVE-2026-36501). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11342 |
|
Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48103 |
|
Out-of-Bounds Read in cpp (CVE-2026-48103)
vulnerability in cpp (CVE-2026-48103). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48104 |
|
Out-of-Bounds Read in dos (CVE-2026-48104)
vulnerability in dos (CVE-2026-48104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48111 |
|
Out-of-Bounds Read in cpp (CVE-2026-48111)
vulnerability in cpp (CVE-2026-48111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11338 |
|
Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
cross-site scripting in CVE-2026-11338 (CVE-2026-11338). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11337 |
|
Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5089 |
|
Vulnerability in dos (CVE-2025-5089)
vulnerability in dos (CVE-2025-5089). Risk of unauthorized operations or information disclosure.
|