Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-9008 Vulnerability in wordpress (CVE-2026-9008)
vulnerability in wordpress (CVE-2026-9008). Risk of unauthorized operations or information disclosure.
CVE-2026-8901 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
CVE-2026-9281 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
CVE-2026-8900 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
CVE-2026-9719 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9719)
vulnerability in wordpress (CVE-2026-9719). Risk of unauthorized operations or information disclosure.
CVE-2026-8976 Vulnerability in wordpress (CVE-2026-8976)
vulnerability in wordpress (CVE-2026-8976). Risk of unauthorized operations or information disclosure.
CVE-2026-9290 Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
CVE-2026-6448 SQL Injection in wordpress (CVE-2026-6448)
SQL injection in wordpress (CVE-2026-6448). Confidential information can be exposed externally.
CVE-2026-8893 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
CVE-2026-6240 Vulnerability in dos (CVE-2026-6240)
vulnerability in dos (CVE-2026-6240). Risk of unauthorized operations or information disclosure.
CVE-2026-7047 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7047)
vulnerability in wordpress (CVE-2026-7047). Risk of unauthorized operations or information disclosure.
CVE-2026-6241 Vulnerability in dos (CVE-2026-6241)
vulnerability in dos (CVE-2026-6241). Risk of unauthorized operations or information disclosure.
CVE-2026-6242 Vulnerability in CVE-2026-6242 (CVE-2026-6242)
vulnerability in CVE-2026-6242 (CVE-2026-6242). Risk of unauthorized operations or information disclosure.
CVE-2026-6239 Vulnerability in dos (CVE-2026-6239)
vulnerability in dos (CVE-2026-6239). Risk of unauthorized operations or information disclosure.
CVE-2025-12656 Vulnerability in wordpress (CVE-2025-12656)
vulnerability in wordpress (CVE-2025-12656). Risk of unauthorized operations or information disclosure.
CVE-2026-34123 Authentication Bypass in CVE-2026-34123 (CVE-2026-34123)
authentication bypass in CVE-2026-34123 (CVE-2026-34123). Risk of unauthorized operations or information disclosure.
CVE-2026-7523 Vulnerability in wordpress (CVE-2026-7523)
vulnerability in wordpress (CVE-2026-7523). Risk of unauthorized operations or information disclosure.
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
CVE-2026-11429 Path Traversal in path-traversal (CVE-2026-11429)
path traversal in path-traversal (CVE-2026-11429). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11424 Information Disclosure in ssrf (CVE-2026-11424)
vulnerability in ssrf (CVE-2026-11424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11416 Path Traversal in path-traversal (CVE-2026-11416)
path traversal in path-traversal (CVE-2026-11416). Data can be tampered with by attackers.
CVE-2026-11431 Path Traversal in path-traversal (CVE-2026-11431)
path traversal in path-traversal (CVE-2026-11431). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-11423 Path Traversal in path-traversal (CVE-2026-11423)
path traversal in path-traversal (CVE-2026-11423). Risk of unauthorized operations or information disclosure.
CVE-2026-36785 Vulnerability in dos (CVE-2026-36785)
vulnerability in dos (CVE-2026-36785). Risk of unauthorized operations or information disclosure.
CVE-2026-11422 Vulnerability in CVE-2026-11422 (CVE-2026-11422)
vulnerability in CVE-2026-11422 (CVE-2026-11422). Confidential information can be exposed externally.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-46400 Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
CVE-2026-46397 Path Traversal in CVE-2026-46397 (CVE-2026-46397)
path traversal in CVE-2026-46397 (CVE-2026-46397). Confidential information can be exposed externally.
CVE-2026-45779 SQL Injection in sqli (CVE-2026-45779)
SQL injection in sqli (CVE-2026-45779). Successful exploitation can lead to full system takeover.
CVE-2026-45778 Cross-Site Scripting (XSS) in buffalo (CVE-2026-45778)
cross-site scripting in buffalo (CVE-2026-45778). Risk of unauthorized operations or information disclosure.
CVE-2026-45777 OS Command Injection in buffalo (CVE-2026-45777)
OS command injection in buffalo (CVE-2026-45777). Successful exploitation can lead to full system takeover.
CVE-2026-45776 Vulnerability in buffalo (CVE-2026-45776)
vulnerability in buffalo (CVE-2026-45776). Risk of unauthorized operations or information disclosure.
CVE-2026-25624 Cross-Site Scripting (XSS) in arista (CVE-2026-25624)
cross-site scripting in arista (CVE-2026-25624). Confidential information can be exposed externally.
CVE-2026-25620 OS Command Injection in arista (CVE-2026-25620)
OS command injection in arista (CVE-2026-25620). Confidential information can be exposed externally.
CVE-2026-25621 OS Command Injection in arista (CVE-2026-25621)
OS command injection in arista (CVE-2026-25621). Confidential information can be exposed externally.
CVE-2026-25622 OS Command Injection in arista (CVE-2026-25622)
OS command injection in arista (CVE-2026-25622). Confidential information can be exposed externally.
CVE-2026-25623 OS Command Injection in arista (CVE-2026-25623)
OS command injection in arista (CVE-2026-25623). Confidential information can be exposed externally.
CVE-2026-11414 Path Traversal in path-traversal (CVE-2026-11414)
path traversal in path-traversal (CVE-2026-11414). Successful exploitation can lead to full system takeover.
CVE-2026-11419 Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
CVE-2026-11420 Path Traversal in path-traversal (CVE-2026-11420)
path traversal in path-traversal (CVE-2026-11420). Successful exploitation can lead to full system takeover.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
CVE-2026-46399 Vulnerability in CVE-2026-46399 (CVE-2026-46399)
vulnerability in CVE-2026-46399 (CVE-2026-46399). Risk of unauthorized operations or information disclosure.
CVE-2026-46389 Authentication Bypass in defenseunicorns (CVE-2026-46389)
authentication bypass in defenseunicorns (CVE-2026-46389). Successful exploitation can lead to full system takeover. Exploitable via ``client_secret``.
CVE-2026-10580 Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
CVE-2026-50733 Vulnerability in CVE-2026-50733 (CVE-2026-50733)
vulnerability in CVE-2026-50733 (CVE-2026-50733). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →