Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2025-15654 Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
cross-site scripting in CVE-2025-15654 (CVE-2025-15654). Risk of unauthorized operations or information disclosure.
CVE-2026-50052 Vulnerability in CVE-2026-50052 (CVE-2026-50052)
vulnerability in CVE-2026-50052 (CVE-2026-50052). Risk of unauthorized operations or information disclosure.
CVE-2026-50031 Vulnerability in CVE-2026-50031 (CVE-2026-50031)
vulnerability in CVE-2026-50031 (CVE-2026-50031). Risk of unauthorized operations or information disclosure.
CVE-2026-10704 Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
CVE-2026-10705 Vulnerability in CVE-2026-10705 (CVE-2026-10705)
vulnerability in CVE-2026-10705 (CVE-2026-10705). Risk of unauthorized operations or information disclosure.
CVE-2026-10703 Buffer Overflow in c (CVE-2026-10703)
vulnerability in c (CVE-2026-10703). Risk of unauthorized operations or information disclosure.
CVE-2026-10694 Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
CVE-2026-9334 Vulnerability in rurban (CVE-2026-9334)
vulnerability in rurban (CVE-2026-9334). Risk of unauthorized operations or information disclosure.
CVE-2026-9516 Vulnerability in dos (CVE-2026-9516)
vulnerability in dos (CVE-2026-9516). Risk of unauthorized operations or information disclosure.
CVE-2026-10693 Vulnerability in CVE-2026-10693 (CVE-2026-10693)
vulnerability in CVE-2026-10693 (CVE-2026-10693). Risk of unauthorized operations or information disclosure.
CVE-2026-10692 Vulnerability in code-index-mcp (CVE-2026-10692)
vulnerability in code-index-mcp (CVE-2026-10692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.14.1` or later.
CVE-2026-10691 Vulnerability in @wonderwhy-er/desktop-commander (CVE-2026-10691)
vulnerability in @wonderwhy-er/desktop-commander (CVE-2026-10691). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.39` or later.
CVE-2026-10690 SSRF (Server-Side Request Forgery) in @wonderwhy-er/desktop-commander (CVE-2026-10690)
SSRF in @wonderwhy-er/desktop-commander (CVE-2026-10690). Risk of unauthorized operations or information disclosure.
CVE-2026-7421 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
CVE-2026-9732 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9732)
vulnerability in wordpress (CVE-2026-9732). Risk of unauthorized operations or information disclosure.
CVE-2026-10719 Out-of-Bounds Write in CVE-2026-10719 (CVE-2026-10719)
out-of-bounds write in CVE-2026-10719 (CVE-2026-10719). Risk of unauthorized operations or information disclosure.
CVE-2026-10717 Out-of-Bounds Write in CVE-2026-10717 (CVE-2026-10717)
out-of-bounds write in CVE-2026-10717 (CVE-2026-10717). Risk of unauthorized operations or information disclosure.
CVE-2026-10718 Out-of-Bounds Write in CVE-2026-10718 (CVE-2026-10718)
out-of-bounds write in CVE-2026-10718 (CVE-2026-10718). Risk of unauthorized operations or information disclosure.
CVE-2026-10688 Vulnerability in CVE-2026-10688 (CVE-2026-10688)
vulnerability in CVE-2026-10688 (CVE-2026-10688). Risk of unauthorized operations or information disclosure.
CVE-2026-10662 SSRF (Server-Side Request Forgery) in CVE-2026-10662 (CVE-2026-10662)
SSRF in CVE-2026-10662 (CVE-2026-10662). Risk of unauthorized operations or information disclosure.
CVE-2010-0249 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2010-0249)
vulnerability in Microsoft internet-explorer (CVE-2010-0249). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-44654 Authorization Flaw in librechat (CVE-2026-44654)
vulnerability in librechat (CVE-2026-44654). Data can be tampered with by attackers. Exploitable via `DELETE /api/files`.
CVE-2026-35482 Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
CVE-2026-41412 Path Traversal in CVE-2026-41412 (CVE-2026-41412)
path traversal in CVE-2026-41412 (CVE-2026-41412). Confidential information can be exposed externally. Exploitable via ``simpleHttpClient``.
CVE-2026-40108 Cross-Site Scripting (XSS) in CVE-2026-40108 (CVE-2026-40108)
cross-site scripting in CVE-2026-40108 (CVE-2026-40108). Risk of unauthorized operations or information disclosure.
CVE-2026-32625 Information Disclosure in librechat (CVE-2026-32625)
vulnerability in librechat (CVE-2026-32625). Confidential information can be exposed externally.
CVE-2026-31942 Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
CVE-2026-10650 Vulnerability in c (CVE-2026-10650)
vulnerability in c (CVE-2026-10650). Risk of unauthorized operations or information disclosure.
CVE-2026-35212 Cross-Site Scripting (XSS) in pycti (CVE-2026-35212)
cross-site scripting in pycti (CVE-2026-35212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.260227.0` or later.
CVE-2026-10661 Vulnerability in CVE-2026-10661 (CVE-2026-10661)
vulnerability in CVE-2026-10661 (CVE-2026-10661). Risk of unauthorized operations or information disclosure.
CVE-2021-4481 Vulnerability in privilege-escalation (CVE-2021-4481)
vulnerability in privilege-escalation (CVE-2021-4481). Data can be tampered with by attackers.
CVE-2025-15653 Vulnerability in CVE-2025-15653 (CVE-2025-15653)
vulnerability in CVE-2025-15653 (CVE-2025-15653). Successful exploitation can lead to full system takeover.
CVE-2024-14036 Vulnerability in dos (CVE-2024-14036)
vulnerability in dos (CVE-2024-14036). Risk of unauthorized operations or information disclosure.
CVE-2021-4480 Vulnerability in privilege-escalation (CVE-2021-4480)
vulnerability in privilege-escalation (CVE-2021-4480). Data can be tampered with by attackers.
CVE-2026-10620 Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
CVE-2026-10619 Authentication Bypass in CVE-2026-10619 (CVE-2026-10619)
authentication bypass in CVE-2026-10619 (CVE-2026-10619). Risk of unauthorized operations or information disclosure.
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
CVE-2026-49144 Path Traversal in browserstack-runner (CVE-2026-49144)
path traversal in browserstack-runner (CVE-2026-49144). Confidential information can be exposed externally. Exploitable via ``_default``.
CVE-2026-49443 Authentication Bypass in authentik (CVE-2026-49443)
authentication bypass in authentik (CVE-2026-49443). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
CVE-2026-49448 Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
CVE-2026-45289 Authentication Bypass in CVE-2026-45289 (CVE-2026-45289)
authentication bypass in CVE-2026-45289 (CVE-2026-45289). Risk of unauthorized operations or information disclosure.
CVE-2026-42849 Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
CVE-2026-41569 Open Redirect in authentik (CVE-2026-41569)
vulnerability in authentik (CVE-2026-41569). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.2.3` or later.
CVE-2026-8036 Vulnerability in privilege-escalation (CVE-2026-8036)
vulnerability in privilege-escalation (CVE-2026-8036). Confidential information can be exposed externally.
CVE-2026-8035 Vulnerability in dos (CVE-2026-8035)
vulnerability in dos (CVE-2026-8035). Data can be tampered with by attackers.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-5073 SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
CVE-2026-5074 SQL Injection in wordpress (CVE-2026-5074)
SQL injection in wordpress (CVE-2026-5074). Confidential information can be exposed externally. Exploitable via ``get_private_content_data``.
CVE-2026-5385 Cross-Site Scripting (XSS) in CVE-2026-5385 (CVE-2026-5385)
cross-site scripting in CVE-2026-5385 (CVE-2026-5385). Risk of unauthorized operations or information disclosure.
CVE-2026-49120 Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →