Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-48777 Path Traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777)
path traversal in github.com/gtsteffaniak/filebrowser/backend (CVE-2026-48777). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /public/api/resources`. Mitigation: upgrade to `0.0.0-20260518193514-28e9b81e438e` or later.
CVE-2026-32253 Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
CVE-2026-47166 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-47166)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47166). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
CVE-2026-47165 Information Disclosure in Magick.NET-Q16-AnyCPU (CVE-2026-47165)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47165). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
CVE-2026-46693 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
CVE-2026-46692 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.12.0` or later.
CVE-2026-25606 SQL Injection in sqli (CVE-2026-25606)
SQL injection in sqli (CVE-2026-25606). Risk of unauthorized operations or information disclosure.
CVE-2026-5072 Vulnerability in c (CVE-2026-5072)
vulnerability in c (CVE-2026-5072). Risk of unauthorized operations or information disclosure.
CVE-2026-9104 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
CVE-2026-9018 Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
CVE-2026-4070 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
CVE-2026-7249 Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
CVE-2026-6864 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
CVE-2026-7509 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
CVE-2026-44409 Information Disclosure in zte (CVE-2026-44409)
vulnerability in zte (CVE-2026-44409). Confidential information can be exposed externally.
CVE-2026-3481 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
CVE-2026-2518 Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
CVE-2026-46597 Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-4834 SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
CVE-2026-46595 Authorization Flaw in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-42508 Vulnerability in golang.org/x/crypto (CVE-2026-42508)
vulnerability in golang.org/x/crypto (CVE-2026-42508). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39835 Vulnerability in golang.org/x/crypto (CVE-2026-39835)
vulnerability in golang.org/x/crypto (CVE-2026-39835). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39834 Vulnerability in golang.org/x/crypto (CVE-2026-39834)
vulnerability in golang.org/x/crypto (CVE-2026-39834). Data can be tampered with by attackers. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39831 Vulnerability in golang.org/x/crypto (CVE-2026-39831)
vulnerability in golang.org/x/crypto (CVE-2026-39831). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39833 Vulnerability in golang.org/x/crypto (CVE-2026-39833)
vulnerability in golang.org/x/crypto (CVE-2026-39833). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39832 Unsafe Deserialization in golang.org/x/crypto (CVE-2026-39832)
vulnerability in golang.org/x/crypto (CVE-2026-39832). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39828 Vulnerability in golang.org/x/crypto (CVE-2026-39828)
vulnerability in golang.org/x/crypto (CVE-2026-39828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39830 Buffer Overflow in golang.org/x/crypto (CVE-2026-39830)
vulnerability in golang.org/x/crypto (CVE-2026-39830). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39829 Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-42506 Cross-Site Scripting (XSS) in golang.org/x/net (CVE-2026-42506)
cross-site scripting in golang.org/x/net (CVE-2026-42506). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-25680 Vulnerability in golang.org/x/net (CVE-2026-25680)
vulnerability in golang.org/x/net (CVE-2026-25680). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-34909 KEV [KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34911 Path Traversal in path-traversal (CVE-2026-34911)
path traversal in path-traversal (CVE-2026-34911). Confidential information can be exposed externally.
CVE-2026-34908 KEV [KEV] Vulnerability in Ubiquiti ui (CVE-2026-34908)
vulnerability in Ubiquiti ui (CVE-2026-34908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34910 KEV [KEV] Vulnerability in Ubiquiti ui (CVE-2026-34910)
vulnerability in Ubiquiti ui (CVE-2026-34910). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-33000 Vulnerability in ui (CVE-2026-33000)
vulnerability in ui (CVE-2026-33000). Successful exploitation can lead to full system takeover.
CVE-2026-8435 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8435)
vulnerability in concrete5/concrete5 (CVE-2026-8435). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8413 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8414 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8415 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8416 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8416)
vulnerability in concrete5/concrete5 (CVE-2026-8416). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8427 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8432 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8432)
vulnerability in concrete5/concrete5 (CVE-2026-8432). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8433 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8433)
vulnerability in concrete5/concrete5 (CVE-2026-8433). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8434 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8434)
vulnerability in concrete5/concrete5 (CVE-2026-8434). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8327 Privilege Escalation in concrete5/concrete5 (CVE-2026-8327)
vulnerability in concrete5/concrete5 (CVE-2026-8327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8409 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8409)
vulnerability in concrete5/concrete5 (CVE-2026-8409). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8410 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8410)
vulnerability in concrete5/concrete5 (CVE-2026-8410). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8411 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8411)
vulnerability in concrete5/concrete5 (CVE-2026-8411). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8412 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8412)
vulnerability in concrete5/concrete5 (CVE-2026-8412). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →