Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43644 |
|
Cross-Site Scripting (XSS) in github.com/stefanprodan/podinfo (CVE-2026-43644)
cross-site scripting in github.com/stefanprodan/podinfo (CVE-2026-43644). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.1-0.20260519111337-cbebb20fd485` or later.
|
| CVE-2026-24899 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899). Confidential information can be exposed externally. Exploitable via ``aud``. Mitigation: upgrade to `4.82.0` or later.
|
| CVE-2026-24000 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-23998 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998). Confidential information can be exposed externally. Mitigation: upgrade to `4.81.0` or later.
|
| CVE-2026-22707 |
|
Unrestricted File Upload in @strapi/upload (CVE-2026-22707)
vulnerability in @strapi/upload (CVE-2026-22707). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/upload`. Mitigation: upgrade to `5.33.3` or later.
|
| CVE-2026-8468 |
|
Vulnerability in plug (CVE-2026-8468)
vulnerability in plug (CVE-2026-8468). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.4, 1.16.3, 1.17.1, 1.18.2, 1.19.2` or later.
|
| CVE-2026-8295 |
|
Vulnerability in CVE-2026-8295 (CVE-2026-8295)
vulnerability in CVE-2026-8295 (CVE-2026-8295). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.6.4` or later.
|
| CVE-2025-68421 |
|
Vulnerability in CVE-2025-68421 (CVE-2025-68421)
vulnerability in CVE-2025-68421 (CVE-2025-68421). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11024 |
|
SQL Injection in sqli (CVE-2025-11024)
SQL injection in sqli (CVE-2025-11024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6504 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6174 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
cross-site scripting in wordpress (CVE-2026-6174). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6512 |
|
Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
|
| CVE-2026-6145 |
|
Vulnerability in wordpress (CVE-2026-6145)
vulnerability in wordpress (CVE-2026-6145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6514 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
|
| CVE-2026-6510 |
|
Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6670 |
|
Path Traversal in wordpress (CVE-2026-6670)
path traversal in wordpress (CVE-2026-6670). Confidential information can be exposed externally.
|
| CVE-2026-6506 |
|
Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6225 |
|
SQL Injection in wordpress (CVE-2026-6225)
SQL injection in wordpress (CVE-2026-6225). Confidential information can be exposed externally.
|
| CVE-2026-6252 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
cross-site scripting in wordpress (CVE-2026-6252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6271 |
|
Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5365 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-5365)
vulnerability in wordpress (CVE-2026-5365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5193 |
|
Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
|
| CVE-2026-3892 |
|
Vulnerability in wordpress (CVE-2026-3892)
vulnerability in wordpress (CVE-2026-3892). Data can be tampered with by attackers.
|
| CVE-2026-3718 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3694 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
cross-site scripting in wordpress (CVE-2026-3694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7481 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-7377 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-6335 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-6335)
cross-site scripting in gitlab (CVE-2026-6335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.11.3` or later.
|
| CVE-2026-8280 |
|
Vulnerability in gitlab (CVE-2026-8280)
vulnerability in gitlab (CVE-2026-8280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-8144 |
|
Vulnerability in gitlab (CVE-2026-8144)
vulnerability in gitlab (CVE-2026-8144). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-6883 |
|
Vulnerability in gitlab (CVE-2026-6883)
vulnerability in gitlab (CVE-2026-6883). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-7471 |
|
SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-7471)
SSRF in gitlab (CVE-2026-7471). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-8181 |
|
Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2025-14870 |
|
Vulnerability in gitlab (CVE-2025-14870)
vulnerability in gitlab (CVE-2025-14870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-1659 |
|
Vulnerability in gitlab (CVE-2026-1659)
vulnerability in gitlab (CVE-2026-1659). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-2900 |
|
Vulnerability in gitlab (CVE-2026-2900)
vulnerability in gitlab (CVE-2026-2900). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-3829 |
|
Vulnerability in wordpress (CVE-2026-3829)
vulnerability in wordpress (CVE-2026-3829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1184 |
|
Unsafe Deserialization in gitlab (CVE-2026-1184)
vulnerability in gitlab (CVE-2026-1184). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-6417 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6417)
cross-site scripting in wordpress (CVE-2026-6417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5243)
cross-site scripting in wordpress (CVE-2026-5243). Risk of unauthorized operations or information disclosure. Exploitable via ``menu_hover_click``.
|
| CVE-2026-6073 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-6073)
cross-site scripting in gitlab (CVE-2026-6073). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-4524 |
|
Vulnerability in gitlab (CVE-2026-4524)
vulnerability in gitlab (CVE-2026-4524). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2025-15345 |
|
Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4527 |
|
Cross-Site Request Forgery (CSRF) in gitlab (CVE-2026-4527)
vulnerability in gitlab (CVE-2026-4527). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-3160 |
|
Vulnerability in gitlab (CVE-2026-3160)
vulnerability in gitlab (CVE-2026-3160). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2025-12669 |
|
Code Injection in gitlab (CVE-2025-12669)
code injection in gitlab (CVE-2025-12669). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-7525 |
|
Vulnerability in wordpress (CVE-2026-7525)
vulnerability in wordpress (CVE-2026-7525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5361 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5361)
cross-site scripting in wordpress (CVE-2026-5361). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46445 |
|
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
|
| CVE-2026-46446 |
|
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
|