Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6268 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6268)
cross-site scripting in wordpress (CVE-2026-6268). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8450 |
|
Vulnerability in CVE-2026-8450 (CVE-2026-8450)
vulnerability in CVE-2026-8450 (CVE-2026-8450). Confidential information can be exposed externally.
|
| CVE-2026-9236 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9236)
vulnerability in wordpress (CVE-2026-9236). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49000 |
|
Vulnerability in CVE-2026-49000 (CVE-2026-49000)
vulnerability in CVE-2026-49000 (CVE-2026-49000). Confidential information can be exposed externally.
|
| CVE-2026-6287 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6287)
cross-site scripting in wordpress (CVE-2026-6287). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14481 |
|
Vulnerability in wordpress (CVE-2025-14481)
vulnerability in wordpress (CVE-2025-14481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48962 |
|
Vulnerability in CVE-2026-48962 (CVE-2026-48962)
vulnerability in CVE-2026-48962 (CVE-2026-48962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48961 |
|
Vulnerability in CVE-2026-48961 (CVE-2026-48961)
vulnerability in CVE-2026-48961 (CVE-2026-48961). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48999 |
|
Cross-Site Scripting (XSS) in CVE-2026-48999 (CVE-2026-48999)
cross-site scripting in CVE-2026-48999 (CVE-2026-48999). Data can be tampered with by attackers.
|
| CVE-2026-9022 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9022)
cross-site scripting in wordpress (CVE-2026-9022). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2253 |
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
|
| CVE-2026-2254 |
|
Vulnerability in hitachi (CVE-2026-2254)
vulnerability in hitachi (CVE-2026-2254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2255 |
|
Vulnerability in hitachi (CVE-2026-2255)
vulnerability in hitachi (CVE-2026-2255). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49014 |
|
Vulnerability in gdal (CVE-2026-49014)
vulnerability in gdal (CVE-2026-49014). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.13.1` or later.
|
| CVE-2026-49017 |
|
Vulnerability in swift (CVE-2026-49017)
vulnerability in swift (CVE-2026-49017). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9156 |
|
Tanium addressed a denial of service vulnerability in Tanium Server.
Tanium addressed a denial of service vulnerability in Tanium Server.
|
| CVE-2026-7493 |
|
Vulnerability in wordpress (CVE-2026-7493)
vulnerability in wordpress (CVE-2026-7493). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9628 |
|
Buffer Overflow in CVE-2026-9628 (CVE-2026-9628)
vulnerability in CVE-2026-9628 (CVE-2026-9628). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9627 |
|
Buffer Overflow in CVE-2026-9627 (CVE-2026-9627)
vulnerability in CVE-2026-9627 (CVE-2026-9627). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9631 |
|
Buffer Overflow in CVE-2026-9631 (CVE-2026-9631)
vulnerability in CVE-2026-9631 (CVE-2026-9631). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9632 |
|
Buffer Overflow in CVE-2026-9632 (CVE-2026-9632)
vulnerability in CVE-2026-9632 (CVE-2026-9632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6565 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6565)
cross-site scripting in wordpress (CVE-2026-6565). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9608 |
|
Cross-Site Scripting (XSS) in CVE-2026-9608 (CVE-2026-9608)
cross-site scripting in CVE-2026-9608 (CVE-2026-9608). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9207 |
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
| CVE-2026-44705 |
|
Path Traversal in tmp (CVE-2026-44705)
path traversal in tmp (CVE-2026-44705). Data can be tampered with by attackers. Exploitable via ``prefix``. Mitigation: upgrade to `0.2.6` or later.
|
| CVE-2026-9607 |
|
Vulnerability in sqli (CVE-2026-9607)
vulnerability in sqli (CVE-2026-9607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9606 |
|
Vulnerability in sqli (CVE-2026-9606)
vulnerability in sqli (CVE-2026-9606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9312 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9312)
SSRF in ssrf (CVE-2026-9312). Confidential information can be exposed externally.
|
| CVE-2026-8606 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-8606)
SSRF in ssrf (CVE-2026-8606). Confidential information can be exposed externally.
|
| CVE-2026-9605 |
|
Buffer Overflow in c (CVE-2026-9605)
vulnerability in c (CVE-2026-9605). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44646 |
|
Vulnerability in liquidjs (CVE-2026-44646)
vulnerability in liquidjs (CVE-2026-44646). Risk of unauthorized operations or information disclosure. Exploitable via ``Context``.
|
| CVE-2026-44645 |
|
Vulnerability in liquidjs (CVE-2026-44645)
vulnerability in liquidjs (CVE-2026-44645). Risk of unauthorized operations or information disclosure. Exploitable via ``renderLimit``.
|
| CVE-2026-44644 |
|
Cross-Site Scripting (XSS) in liquidjs (CVE-2026-44644)
cross-site scripting in liquidjs (CVE-2026-44644). Risk of unauthorized operations or information disclosure. Exploitable via ``strip_html``.
|
| CVE-2026-44587 |
|
Cross-Site Scripting (XSS) in carrierwave (CVE-2026-44587)
cross-site scripting in carrierwave (CVE-2026-44587). Risk of unauthorized operations or information disclosure. Exploitable via ``Regexp.quote``. Mitigation: upgrade to `2.2.7` or later.
|
| CVE-2026-48027 KEV |
|
[KEV] Vulnerability in nx (CVE-2026-48027)
vulnerability in nx (CVE-2026-48027). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-42462 |
|
Vulnerability in @fedify/fedify (CVE-2026-42462)
vulnerability in @fedify/fedify (CVE-2026-42462). Data can be tampered with by attackers. Exploitable via ``Activity``. Mitigation: upgrade to `1.9.11` or later.
|
| CVE-2026-9604 |
|
Vulnerability in CVE-2026-9604 (CVE-2026-9604)
vulnerability in CVE-2026-9604 (CVE-2026-9604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46740 |
|
Vulnerability in CVE-2026-46740 (CVE-2026-46740)
vulnerability in CVE-2026-46740 (CVE-2026-46740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42089 |
|
Vulnerability in yeoman-environment (CVE-2026-42089)
vulnerability in yeoman-environment (CVE-2026-42089). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.1` or later.
|
| CVE-2026-41207 |
|
Vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.21.Final` or later.
|
| CVE-2026-34986 |
|
Vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986)
vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
|
| CVE-2026-48710 |
|
Vulnerability in starlette (CVE-2026-48710)
vulnerability in starlette (CVE-2026-48710). Risk of unauthorized operations or information disclosure. Exploitable via `GET /foo`. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-9584 |
|
A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
|
| CVE-2026-9603 |
|
Vulnerability in CVE-2026-9603 (CVE-2026-9603)
vulnerability in CVE-2026-9603 (CVE-2026-9603). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42013 |
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
|
| CVE-2026-42015 |
|
Vulnerability in dos (CVE-2026-42015)
vulnerability in dos (CVE-2026-42015). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-46284 |
|
Vulnerability in apple (CVE-2025-46284)
vulnerability in apple (CVE-2025-46284). Successful exploitation can lead to full system takeover.
|
| CVE-2025-43451 |
|
Vulnerability in apple (CVE-2025-43451)
vulnerability in apple (CVE-2025-43451). Confidential information can be exposed externally.
|
| CVE-2025-46307 |
|
Vulnerability in apple (CVE-2025-46307)
vulnerability in apple (CVE-2025-46307). Confidential information can be exposed externally.
|
| CVE-2026-42012 |
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a...
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a...
|