Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-44216 Vulnerability in wasmtime (CVE-2026-44216)
vulnerability in wasmtime (CVE-2026-44216). Risk of unauthorized operations or information disclosure. Exploitable via ``memory64``. Mitigation: upgrade to `43.0.2` or later.
CVE-2026-42457 Cross-Site Scripting (XSS) in CVE-2026-42457 (CVE-2026-42457)
cross-site scripting in CVE-2026-42457 (CVE-2026-42457). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.4.3` or later.
CVE-2026-42881 Path Traversal in CVE-2026-42881 (CVE-2026-42881)
path traversal in CVE-2026-42881 (CVE-2026-42881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.7` or later.
CVE-2026-46443 Information Disclosure in flowise (CVE-2026-46443)
vulnerability in flowise (CVE-2026-46443). Confidential information can be exposed externally. Exploitable via ``credentialName``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46440 Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42863 Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42862 Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46356 Vulnerability in github.com/fleetdm/fleet (CVE-2026-46356)
vulnerability in github.com/fleetdm/fleet (CVE-2026-46356). Data can be tampered with by attackers. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-41249 Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
CVE-2026-27886 Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
CVE-2026-26191 OS Command Injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191)
OS command injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.81.1` or later.
CVE-2026-26062 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062). Risk of unauthorized operations or information disclosure. Exploitable via ``PublishLogs``. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-5790 Cross-Site Scripting (XSS) in CVE-2026-5790 (CVE-2026-5790)
cross-site scripting in CVE-2026-5790 (CVE-2026-5790). Risk of unauthorized operations or information disclosure.
CVE-2026-4029 Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
CVE-2026-4030 Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
CVE-2026-4031 Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
CVE-2026-43644 Cross-Site Scripting (XSS) in github.com/stefanprodan/podinfo (CVE-2026-43644)
cross-site scripting in github.com/stefanprodan/podinfo (CVE-2026-43644). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.1-0.20260519111337-cbebb20fd485` or later.
CVE-2026-24899 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899). Confidential information can be exposed externally. Exploitable via ``aud``. Mitigation: upgrade to `4.82.0` or later.
CVE-2026-24000 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-23998 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998). Confidential information can be exposed externally. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-22707 Unrestricted File Upload in @strapi/upload (CVE-2026-22707)
vulnerability in @strapi/upload (CVE-2026-22707). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/upload`. Mitigation: upgrade to `5.33.3` or later.
CVE-2026-8468 Vulnerability in plug (CVE-2026-8468)
vulnerability in plug (CVE-2026-8468). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.4, 1.16.3, 1.17.1, 1.18.2, 1.19.2` or later.
CVE-2026-8295 Vulnerability in CVE-2026-8295 (CVE-2026-8295)
vulnerability in CVE-2026-8295 (CVE-2026-8295). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.6.4` or later.
CVE-2025-68421 Vulnerability in CVE-2025-68421 (CVE-2025-68421)
vulnerability in CVE-2025-68421 (CVE-2025-68421). Risk of unauthorized operations or information disclosure.
CVE-2025-11024 SQL Injection in sqli (CVE-2025-11024)
SQL injection in sqli (CVE-2025-11024). Successful exploitation can lead to full system takeover.
CVE-2026-6504 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
CVE-2026-6174 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
cross-site scripting in wordpress (CVE-2026-6174). Risk of unauthorized operations or information disclosure.
CVE-2026-6512 Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
CVE-2026-6145 Vulnerability in wordpress (CVE-2026-6145)
vulnerability in wordpress (CVE-2026-6145). Risk of unauthorized operations or information disclosure.
CVE-2026-6514 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-6670 Path Traversal in wordpress (CVE-2026-6670)
path traversal in wordpress (CVE-2026-6670). Confidential information can be exposed externally.
CVE-2026-6506 Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
CVE-2026-6225 SQL Injection in wordpress (CVE-2026-6225)
SQL injection in wordpress (CVE-2026-6225). Confidential information can be exposed externally.
CVE-2026-6252 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
cross-site scripting in wordpress (CVE-2026-6252). Risk of unauthorized operations or information disclosure.
CVE-2026-6271 Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
CVE-2026-5365 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-5365)
vulnerability in wordpress (CVE-2026-5365). Risk of unauthorized operations or information disclosure.
CVE-2026-5193 Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
CVE-2026-3892 Vulnerability in wordpress (CVE-2026-3892)
vulnerability in wordpress (CVE-2026-3892). Data can be tampered with by attackers.
CVE-2026-3718 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
CVE-2026-3694 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
cross-site scripting in wordpress (CVE-2026-3694). Risk of unauthorized operations or information disclosure.
CVE-2026-7481 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-7377 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6335 Cross-Site Scripting (XSS) in gitlab (CVE-2026-6335)
cross-site scripting in gitlab (CVE-2026-6335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.11.3` or later.
CVE-2026-8280 Vulnerability in gitlab (CVE-2026-8280)
vulnerability in gitlab (CVE-2026-8280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-8144 Vulnerability in gitlab (CVE-2026-8144)
vulnerability in gitlab (CVE-2026-8144). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6883 Vulnerability in gitlab (CVE-2026-6883)
vulnerability in gitlab (CVE-2026-6883). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →