Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-52756 Path Traversal in path-traversal (CVE-2026-52756)
path traversal in path-traversal (CVE-2026-52756). Risk of unauthorized operations or information disclosure.
CVE-2026-49497 Path Traversal in path-traversal (CVE-2026-49497)
path traversal in path-traversal (CVE-2026-49497). Risk of unauthorized operations or information disclosure.
CVE-2026-49495 Vulnerability in nsa (CVE-2026-49495)
vulnerability in nsa (CVE-2026-49495). Risk of unauthorized operations or information disclosure.
CVE-2026-49498 SQL Injection in sqli (CVE-2026-49498)
SQL injection in sqli (CVE-2026-49498). Successful exploitation can lead to full system takeover.
CVE-2026-49069 Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
cross-site scripting in CVE-2026-49069 (CVE-2026-49069). Risk of unauthorized operations or information disclosure.
CVE-2026-49496 Use-After-Free in c (CVE-2026-49496)
vulnerability in c (CVE-2026-49496). Risk of unauthorized operations or information disclosure.
CVE-2025-71329 Vulnerability in dos (CVE-2025-71329)
vulnerability in dos (CVE-2025-71329). Risk of unauthorized operations or information disclosure.
CVE-2025-71330 Vulnerability in dos (CVE-2025-71330)
vulnerability in dos (CVE-2025-71330). Risk of unauthorized operations or information disclosure.
CVE-2026-49397 Information Disclosure in github.com/nezhahq/nezha (CVE-2026-49397)
vulnerability in github.com/nezhahq/nezha (CVE-2026-49397). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/service`. Mitigation: upgrade to `2.0.14` or later.
CVE-2026-49396 Cross-Site Request Forgery (CSRF) in github.com/nezhahq/nezha (CVE-2026-49396)
vulnerability in github.com/nezhahq/nezha (CVE-2026-49396). Data can be tampered with by attackers. Exploitable via `GET /api/v1/cron/`. Mitigation: upgrade to `2.0.14` or later.
CVE-2026-24067 Vulnerability in privilege-escalation (CVE-2026-24067)
vulnerability in privilege-escalation (CVE-2026-24067). Successful exploitation can lead to full system takeover.
CVE-2026-11859 Vulnerability in CVE-2026-11859 (CVE-2026-11859)
vulnerability in CVE-2026-11859 (CVE-2026-11859). Risk of unauthorized operations or information disclosure.
CVE-2026-11853 Vulnerability in CVE-2026-11853 (CVE-2026-11853)
vulnerability in CVE-2026-11853 (CVE-2026-11853). Risk of unauthorized operations or information disclosure.
CVE-2026-11852 Vulnerability in CVE-2026-11852 (CVE-2026-11852)
vulnerability in CVE-2026-11852 (CVE-2026-11852). Risk of unauthorized operations or information disclosure.
CVE-2026-3018 SQL Injection in wordpress (CVE-2026-3018)
SQL injection in wordpress (CVE-2026-3018). Confidential information can be exposed externally.
CVE-2025-6254 Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
CVE-2026-8613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
cross-site scripting in wordpress (CVE-2026-8613). Risk of unauthorized operations or information disclosure.
CVE-2026-8853 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
cross-site scripting in wordpress (CVE-2026-8853). Risk of unauthorized operations or information disclosure.
CVE-2026-9019 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
cross-site scripting in wordpress (CVE-2026-9019). Risk of unauthorized operations or information disclosure.
CVE-2026-10721 Unsafe Deserialization in CVE-2026-10721 (CVE-2026-10721)
vulnerability in CVE-2026-10721 (CVE-2026-10721). Risk of unauthorized operations or information disclosure.
CVE-2026-9067 Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
CVE-2026-3326 SQL Injection in wordpress (CVE-2026-3326)
SQL injection in wordpress (CVE-2026-3326). Confidential information can be exposed externally.
CVE-2026-8071 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8071)
cross-site scripting in wordpress (CVE-2026-8071). Successful exploitation can lead to full system takeover.
CVE-2026-9060 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
cross-site scripting in wordpress (CVE-2026-9060). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
CVE-2026-11815 Unsafe Deserialization in CVE-2026-11815 (CVE-2026-11815)
vulnerability in CVE-2026-11815 (CVE-2026-11815). Risk of unauthorized operations or information disclosure.
CVE-2026-26241 Vulnerability in qnap (CVE-2026-26241)
vulnerability in qnap (CVE-2026-26241). Data can be tampered with by attackers.
CVE-2026-26240 Vulnerability in qnap (CVE-2026-26240)
vulnerability in qnap (CVE-2026-26240). Data can be tampered with by attackers.
CVE-2026-11837 Vulnerability in privilege-escalation (CVE-2026-11837)
vulnerability in privilege-escalation (CVE-2026-11837). Successful exploitation can lead to full system takeover.
CVE-2025-8444 Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
cross-site scripting in wordpress (CVE-2025-8444). Risk of unauthorized operations or information disclosure.
CVE-2026-26239 Vulnerability in qnap (CVE-2026-26239)
vulnerability in qnap (CVE-2026-26239). Data can be tampered with by attackers.
CVE-2026-26237 Vulnerability in qnap (CVE-2026-26237)
vulnerability in qnap (CVE-2026-26237). Confidential information can be exposed externally.
CVE-2026-24720 Vulnerability in qnap (CVE-2026-24720)
vulnerability in qnap (CVE-2026-24720). Risk of unauthorized operations or information disclosure.
CVE-2026-24724 Authorization Flaw in qnap (CVE-2026-24724)
vulnerability in qnap (CVE-2026-24724). Confidential information can be exposed externally.
CVE-2026-24719 OS Command Injection in qnap (CVE-2026-24719)
OS command injection in qnap (CVE-2026-24719). Successful exploitation can lead to full system takeover.
CVE-2026-22899 Vulnerability in dos (CVE-2026-22899)
vulnerability in dos (CVE-2026-22899). Risk of unauthorized operations or information disclosure.
CVE-2026-24716 Vulnerability in dos (CVE-2026-24716)
vulnerability in dos (CVE-2026-24716). Successful exploitation can lead to full system takeover.
CVE-2026-24717 Path Traversal in path-traversal (CVE-2026-24717)
path traversal in path-traversal (CVE-2026-24717). Confidential information can be exposed externally.
CVE-2025-66281 Vulnerability in dos (CVE-2025-66281)
vulnerability in dos (CVE-2025-66281). Successful exploitation can lead to full system takeover.
CVE-2026-22893 OS Command Injection in qnap (CVE-2026-22893)
OS command injection in qnap (CVE-2026-22893). Successful exploitation can lead to full system takeover.
CVE-2025-66280 Vulnerability in qnap (CVE-2025-66280)
vulnerability in qnap (CVE-2025-66280). Successful exploitation can lead to full system takeover.
CVE-2025-66273 OS Command Injection in qnap (CVE-2025-66273)
OS command injection in qnap (CVE-2025-66273). Successful exploitation can lead to full system takeover.
CVE-2025-66279 OS Command Injection in qnap (CVE-2025-66279)
OS command injection in qnap (CVE-2025-66279). Successful exploitation can lead to full system takeover.
CVE-2025-62851 Path Traversal in path-traversal (CVE-2025-62851)
path traversal in path-traversal (CVE-2025-62851). Confidential information can be exposed externally.
CVE-2025-62850 Vulnerability in dos (CVE-2025-62850)
vulnerability in dos (CVE-2025-62850). Successful exploitation can lead to full system takeover.
CVE-2025-59382 Vulnerability in CVE-2025-59382 (CVE-2025-59382)
vulnerability in CVE-2025-59382 (CVE-2025-59382). Risk of unauthorized operations or information disclosure.
CVE-2025-58468 Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-58468)
vulnerability in csrf (CVE-2025-58468). Risk of unauthorized operations or information disclosure.
CVE-2026-46532 Out-of-Bounds Read in c (CVE-2026-46532)
vulnerability in c (CVE-2026-46532). Risk of unauthorized operations or information disclosure.
CVE-2026-45542 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup p...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/pro...
CVE-2026-45541 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pat...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request...
CVE-2026-45328 Vulnerability in c (CVE-2026-45328)
vulnerability in c (CVE-2026-45328). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →