Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-12714 |
|
Vulnerability in wordpress (CVE-2025-12714)
vulnerability in wordpress (CVE-2025-12714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42965 |
|
SSRF (Server-Side Request Forgery) in redhat (CVE-2026-42965)
SSRF in redhat (CVE-2026-42965). Confidential information can be exposed externally.
|
| CVE-2026-46579 |
|
Authentication Bypass in redhat (CVE-2026-46579)
authentication bypass in redhat (CVE-2026-46579). Confidential information can be exposed externally. Exploitable via ``insecureEdgeTerminationPolicy``.
|
| CVE-2026-9811 |
|
Cross-Site Scripting (XSS) in mautic/core (CVE-2026-9811)
cross-site scripting in mautic/core (CVE-2026-9811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9809 |
|
Cross-Site Scripting (XSS) in mautic/core (CVE-2026-9809)
cross-site scripting in mautic/core (CVE-2026-9809). Data can be tampered with by attackers. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9808 |
|
Authorization Flaw in mautic/core (CVE-2026-9808)
vulnerability in mautic/core (CVE-2026-9808). Confidential information can be exposed externally. Exploitable via ``viewown``. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9559 |
|
Path Traversal in mautic/core (CVE-2026-9559)
path traversal in mautic/core (CVE-2026-9559). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9557 |
|
SSRF (Server-Side Request Forgery) in mautic/core (CVE-2026-9557)
SSRF in mautic/core (CVE-2026-9557). Risk of unauthorized operations or information disclosure. Exploitable via ``MauticFocusBundle``. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9558 |
|
Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-49200 |
|
Vulnerability in acer (CVE-2026-49200)
vulnerability in acer (CVE-2026-49200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6075 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6075)
vulnerability in wordpress (CVE-2026-6075). Data can be tampered with by attackers.
|
| CVE-2026-49199 |
|
Command Injection in acer (CVE-2026-49199)
command injection in acer (CVE-2026-49199). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49197 |
|
Authentication Bypass in acer (CVE-2026-49197)
authentication bypass in acer (CVE-2026-49197). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-49198 |
|
Vulnerability in acer (CVE-2026-49198)
vulnerability in acer (CVE-2026-49198). Confidential information can be exposed externally.
|
| CVE-2026-10052 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10052 (CVE-2026-10052)
SSRF in CVE-2026-10052 (CVE-2026-10052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49195 |
|
Vulnerability in acer (CVE-2026-49195)
vulnerability in acer (CVE-2026-49195). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10039 |
|
SQL Injection in wordpress (CVE-2026-10039)
SQL injection in wordpress (CVE-2026-10039). Confidential information can be exposed externally.
|
| CVE-2026-49196 |
|
Command Injection in acer (CVE-2026-49196)
command injection in acer (CVE-2026-49196). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10058 |
|
Cross-Site Scripting (XSS) in CVE-2026-10058 (CVE-2026-10058)
cross-site scripting in CVE-2026-10058 (CVE-2026-10058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10057 |
|
Cross-Site Scripting (XSS) in CVE-2026-10057 (CVE-2026-10057)
cross-site scripting in CVE-2026-10057 (CVE-2026-10057). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4776 |
|
Mautic has SQL Injection in API Contact Filtering
Mautic has SQL Injection in API Contact Filtering
|
| CVE-2026-9243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49322 |
|
Vulnerability in CVE-2026-49322 (CVE-2026-49322)
vulnerability in CVE-2026-49322 (CVE-2026-49322). Confidential information can be exposed externally.
|
| CVE-2026-3655 |
|
Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2025-14042 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6275 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9714 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6324 |
|
Vulnerability in CVE-2026-6324 (CVE-2026-6324)
vulnerability in CVE-2026-6324 (CVE-2026-6324). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2128 |
|
Information Disclosure in wordpress (CVE-2026-2128)
vulnerability in wordpress (CVE-2026-2128). Risk of unauthorized operations or information disclosure. Exploitable via ``wordpress_logged_in_``.
|
| CVE-2026-8995 |
|
Information Disclosure in wordpress (CVE-2026-8995)
vulnerability in wordpress (CVE-2026-8995). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
|
| CVE-2026-7480 |
|
Vulnerability in CVE-2026-7480 (CVE-2026-7480)
vulnerability in CVE-2026-7480 (CVE-2026-7480). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8070 |
|
Vulnerability in CVE-2026-8070 (CVE-2026-8070)
vulnerability in CVE-2026-8070 (CVE-2026-8070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9967 |
|
Out-of-Bounds Write in google (CVE-2026-9967)
out-of-bounds write in google (CVE-2026-9967). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9938 |
|
Code Injection in google (CVE-2026-9938)
code injection in google (CVE-2026-9938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9948 |
|
Use-After-Free in google (CVE-2026-9948)
vulnerability in google (CVE-2026-9948). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9934 |
|
Use-After-Free in Google chrome (CVE-2026-9934)
vulnerability in Google chrome (CVE-2026-9934). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9951 |
|
Use-After-Free in google (CVE-2026-9951)
vulnerability in google (CVE-2026-9951). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9946 |
|
Use-After-Free in google (CVE-2026-9946)
vulnerability in google (CVE-2026-9946). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9937 |
|
Use-After-Free in google (CVE-2026-9937)
vulnerability in google (CVE-2026-9937). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9952 |
|
Use-After-Free in google (CVE-2026-9952)
vulnerability in google (CVE-2026-9952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9947 |
|
Use-After-Free in google (CVE-2026-9947)
vulnerability in google (CVE-2026-9947). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9910 |
|
Out-of-Bounds Read in google (CVE-2026-9910)
vulnerability in google (CVE-2026-9910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9913 |
|
Out-of-Bounds Read in google (CVE-2026-9913)
vulnerability in google (CVE-2026-9913). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9919 |
|
Out-of-Bounds Read in google (CVE-2026-9919)
vulnerability in google (CVE-2026-9919). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9928 |
|
Out-of-Bounds Read in google (CVE-2026-9928)
vulnerability in google (CVE-2026-9928). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9908 |
|
Out-of-Bounds Read in google (CVE-2026-9908)
vulnerability in google (CVE-2026-9908). Confidential information can be exposed externally.
|