Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-15654 |
|
Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
cross-site scripting in CVE-2025-15654 (CVE-2025-15654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50052 |
|
Vulnerability in CVE-2026-50052 (CVE-2026-50052)
vulnerability in CVE-2026-50052 (CVE-2026-50052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50031 |
|
Vulnerability in CVE-2026-50031 (CVE-2026-50031)
vulnerability in CVE-2026-50031 (CVE-2026-50031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10704 |
|
Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10705 |
|
Vulnerability in CVE-2026-10705 (CVE-2026-10705)
vulnerability in CVE-2026-10705 (CVE-2026-10705). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10703 |
|
Buffer Overflow in c (CVE-2026-10703)
vulnerability in c (CVE-2026-10703). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10694 |
|
Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9334 |
|
Vulnerability in rurban (CVE-2026-9334)
vulnerability in rurban (CVE-2026-9334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9516 |
|
Vulnerability in dos (CVE-2026-9516)
vulnerability in dos (CVE-2026-9516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10693 |
|
Vulnerability in CVE-2026-10693 (CVE-2026-10693)
vulnerability in CVE-2026-10693 (CVE-2026-10693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10692 |
|
Vulnerability in code-index-mcp (CVE-2026-10692)
vulnerability in code-index-mcp (CVE-2026-10692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.14.1` or later.
|
| CVE-2026-10691 |
|
Vulnerability in @wonderwhy-er/desktop-commander (CVE-2026-10691)
vulnerability in @wonderwhy-er/desktop-commander (CVE-2026-10691). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.39` or later.
|
| CVE-2026-10690 |
|
SSRF (Server-Side Request Forgery) in @wonderwhy-er/desktop-commander (CVE-2026-10690)
SSRF in @wonderwhy-er/desktop-commander (CVE-2026-10690). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7421 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
|
| CVE-2026-9732 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9732)
vulnerability in wordpress (CVE-2026-9732). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10719 |
|
Out-of-Bounds Write in CVE-2026-10719 (CVE-2026-10719)
out-of-bounds write in CVE-2026-10719 (CVE-2026-10719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10717 |
|
Out-of-Bounds Write in CVE-2026-10717 (CVE-2026-10717)
out-of-bounds write in CVE-2026-10717 (CVE-2026-10717). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10718 |
|
Out-of-Bounds Write in CVE-2026-10718 (CVE-2026-10718)
out-of-bounds write in CVE-2026-10718 (CVE-2026-10718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10688 |
|
Vulnerability in CVE-2026-10688 (CVE-2026-10688)
vulnerability in CVE-2026-10688 (CVE-2026-10688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10662 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10662 (CVE-2026-10662)
SSRF in CVE-2026-10662 (CVE-2026-10662). Risk of unauthorized operations or information disclosure.
|
| CVE-2010-0249 KEV |
|
[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2010-0249)
vulnerability in Microsoft internet-explorer (CVE-2010-0249). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44654 |
|
Authorization Flaw in librechat (CVE-2026-44654)
vulnerability in librechat (CVE-2026-44654). Data can be tampered with by attackers. Exploitable via `DELETE /api/files`.
|
| CVE-2026-35482 |
|
Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
|
| CVE-2026-41412 |
|
Path Traversal in CVE-2026-41412 (CVE-2026-41412)
path traversal in CVE-2026-41412 (CVE-2026-41412). Confidential information can be exposed externally. Exploitable via ``simpleHttpClient``.
|
| CVE-2026-40108 |
|
Cross-Site Scripting (XSS) in CVE-2026-40108 (CVE-2026-40108)
cross-site scripting in CVE-2026-40108 (CVE-2026-40108). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32625 |
|
Information Disclosure in librechat (CVE-2026-32625)
vulnerability in librechat (CVE-2026-32625). Confidential information can be exposed externally.
|
| CVE-2026-31942 |
|
Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
|
| CVE-2026-10650 |
|
Vulnerability in c (CVE-2026-10650)
vulnerability in c (CVE-2026-10650). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35212 |
|
Cross-Site Scripting (XSS) in pycti (CVE-2026-35212)
cross-site scripting in pycti (CVE-2026-35212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.260227.0` or later.
|
| CVE-2026-10661 |
|
Vulnerability in CVE-2026-10661 (CVE-2026-10661)
vulnerability in CVE-2026-10661 (CVE-2026-10661). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-4481 |
|
Vulnerability in privilege-escalation (CVE-2021-4481)
vulnerability in privilege-escalation (CVE-2021-4481). Data can be tampered with by attackers.
|
| CVE-2025-15653 |
|
Vulnerability in CVE-2025-15653 (CVE-2025-15653)
vulnerability in CVE-2025-15653 (CVE-2025-15653). Successful exploitation can lead to full system takeover.
|
| CVE-2024-14036 |
|
Vulnerability in dos (CVE-2024-14036)
vulnerability in dos (CVE-2024-14036). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-4480 |
|
Vulnerability in privilege-escalation (CVE-2021-4480)
vulnerability in privilege-escalation (CVE-2021-4480). Data can be tampered with by attackers.
|
| CVE-2026-10620 |
|
Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10619 |
|
Authentication Bypass in CVE-2026-10619 (CVE-2026-10619)
authentication bypass in CVE-2026-10619 (CVE-2026-10619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49143 |
|
Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
|
| CVE-2026-49144 |
|
Path Traversal in browserstack-runner (CVE-2026-49144)
path traversal in browserstack-runner (CVE-2026-49144). Confidential information can be exposed externally. Exploitable via ``_default``.
|
| CVE-2026-49443 |
|
Authentication Bypass in authentik (CVE-2026-49443)
authentication bypass in authentik (CVE-2026-49443). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-49448 |
|
Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-45289 |
|
Authentication Bypass in CVE-2026-45289 (CVE-2026-45289)
authentication bypass in CVE-2026-45289 (CVE-2026-45289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42849 |
|
Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-41569 |
|
Open Redirect in authentik (CVE-2026-41569)
vulnerability in authentik (CVE-2026-41569). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.2.3` or later.
|
| CVE-2026-8036 |
|
Vulnerability in privilege-escalation (CVE-2026-8036)
vulnerability in privilege-escalation (CVE-2026-8036). Confidential information can be exposed externally.
|
| CVE-2026-8035 |
|
Vulnerability in dos (CVE-2026-8035)
vulnerability in dos (CVE-2026-8035). Data can be tampered with by attackers.
|
| CVE-2026-5076 |
|
Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
|
| CVE-2026-5073 |
|
SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
|
| CVE-2026-5074 |
|
SQL Injection in wordpress (CVE-2026-5074)
SQL injection in wordpress (CVE-2026-5074). Confidential information can be exposed externally. Exploitable via ``get_private_content_data``.
|
| CVE-2026-5385 |
|
Cross-Site Scripting (XSS) in CVE-2026-5385 (CVE-2026-5385)
cross-site scripting in CVE-2026-5385 (CVE-2026-5385). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49120 |
|
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
|