Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48777 |
|
Path Traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777)
path traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /public/api/resources`. Mitigation: upgrade to `0.0.0-20260518193514-28e9b81e438e` or later.
|
| CVE-2026-32253 |
|
Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47166 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-47166)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47166). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-47165 |
|
Information Disclosure in Magick.NET-Q16-AnyCPU (CVE-2026-47165)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47165). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46693 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46692 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-25606 |
|
SQL Injection in sqli (CVE-2026-25606)
SQL injection in sqli (CVE-2026-25606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5072 |
|
Vulnerability in c (CVE-2026-5072)
vulnerability in c (CVE-2026-5072). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-4070 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7249 |
|
Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
|
| CVE-2026-6864 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7509 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
|
| CVE-2026-44409 |
|
Information Disclosure in zte (CVE-2026-44409)
vulnerability in zte (CVE-2026-44409). Confidential information can be exposed externally.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2518 |
|
Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46597 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-46595 |
|
Authorization Flaw in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-42508 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-42508)
vulnerability in golang.org/x/crypto (CVE-2026-42508). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39835 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39835)
vulnerability in golang.org/x/crypto (CVE-2026-39835). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39834 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39834)
vulnerability in golang.org/x/crypto (CVE-2026-39834). Data can be tampered with by attackers. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39831 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39831)
vulnerability in golang.org/x/crypto (CVE-2026-39831). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39833 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39833)
vulnerability in golang.org/x/crypto (CVE-2026-39833). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39832 |
|
Unsafe Deserialization in golang.org/x/crypto (CVE-2026-39832)
vulnerability in golang.org/x/crypto (CVE-2026-39832). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39828 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39828)
vulnerability in golang.org/x/crypto (CVE-2026-39828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39830 |
|
Buffer Overflow in golang.org/x/crypto (CVE-2026-39830)
vulnerability in golang.org/x/crypto (CVE-2026-39830). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39829 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-42506 |
|
Cross-Site Scripting (XSS) in golang.org/x/net (CVE-2026-42506)
cross-site scripting in golang.org/x/net (CVE-2026-42506). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-25680 |
|
Vulnerability in golang.org/x/net (CVE-2026-25680)
vulnerability in golang.org/x/net (CVE-2026-25680). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-34909 KEV |
|
[KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34911 |
|
Path Traversal in path-traversal (CVE-2026-34911)
path traversal in path-traversal (CVE-2026-34911). Confidential information can be exposed externally.
|
| CVE-2026-34908 KEV |
|
[KEV] Vulnerability in Ubiquiti ui (CVE-2026-34908)
vulnerability in Ubiquiti ui (CVE-2026-34908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34910 KEV |
|
[KEV] Vulnerability in Ubiquiti ui (CVE-2026-34910)
vulnerability in Ubiquiti ui (CVE-2026-34910). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33000 |
|
Vulnerability in ui (CVE-2026-33000)
vulnerability in ui (CVE-2026-33000). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8435 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8435)
vulnerability in concrete5/concrete5 (CVE-2026-8435). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8413 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8414 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8416 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8416)
vulnerability in concrete5/concrete5 (CVE-2026-8416). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8427 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8432 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8432)
vulnerability in concrete5/concrete5 (CVE-2026-8432). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8433 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8433)
vulnerability in concrete5/concrete5 (CVE-2026-8433). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8434 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8434)
vulnerability in concrete5/concrete5 (CVE-2026-8434). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8327 |
|
Privilege Escalation in concrete5/concrete5 (CVE-2026-8327)
vulnerability in concrete5/concrete5 (CVE-2026-8327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8409 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8409)
vulnerability in concrete5/concrete5 (CVE-2026-8409). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8410 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8410)
vulnerability in concrete5/concrete5 (CVE-2026-8410). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8411 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8411)
vulnerability in concrete5/concrete5 (CVE-2026-8411). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8412 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8412)
vulnerability in concrete5/concrete5 (CVE-2026-8412). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|