Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-4920 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4920)
cross-site scripting in wordpress (CVE-2026-4920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6237 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6237)
cross-site scripting in wordpress (CVE-2026-6237). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5340 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5340)
cross-site scripting in wordpress (CVE-2026-5340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5715 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5715)
cross-site scripting in wordpress (CVE-2026-5715). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6247 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6247)
cross-site scripting in wordpress (CVE-2026-6247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2993 |
|
SQL Injection in wordpress (CVE-2026-2993)
SQL injection in wordpress (CVE-2026-2993). Confidential information can be exposed externally.
|
| CVE-2026-2300 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2300)
cross-site scripting in wordpress (CVE-2026-2300). Risk of unauthorized operations or information disclosure. Exploitable via ``preg_replace``.
|
| CVE-2026-3604 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3604)
cross-site scripting in wordpress (CVE-2026-3604). Risk of unauthorized operations or information disclosure. Exploitable via ``_kcseo_ative_tab``.
|
| CVE-2026-39432 |
|
Vulnerability in CVE-2026-39432 (CVE-2026-39432)
vulnerability in CVE-2026-39432 (CVE-2026-39432). Confidential information can be exposed externally.
|
| CVE-2026-6402 |
|
Vulnerability in webpack-dev-server (CVE-2026-6402)
vulnerability in webpack-dev-server (CVE-2026-6402). Confidential information can be exposed externally. Mitigation: upgrade to `5.2.4` or later.
|
| CVE-2026-25107 |
|
Vulnerability in jvn (CVE-2026-25107)
vulnerability in jvn (CVE-2026-25107). Data can be tampered with by attackers.
|
| CVE-2026-20704 |
|
Cross-Site Request Forgery (CSRF) in jvn (CVE-2026-20704)
vulnerability in jvn (CVE-2026-20704). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-34577 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2024-34577)
cross-site scripting in jvn (CVE-2024-34577). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35227 |
|
Vulnerability in CVE-2026-35227 (CVE-2026-35227)
vulnerability in CVE-2026-35227 (CVE-2026-35227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0804 |
|
Vulnerability in path-traversal (CVE-2026-0804)
vulnerability in path-traversal (CVE-2026-0804). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0541 |
|
Vulnerability in privilege-escalation (CVE-2026-0541)
vulnerability in privilege-escalation (CVE-2026-0541). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1185 |
|
Vulnerability in privilege-escalation (CVE-2026-1185)
vulnerability in privilege-escalation (CVE-2026-1185). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0802 |
|
Vulnerability in privilege-escalation (CVE-2026-0802)
vulnerability in privilege-escalation (CVE-2026-0802). Confidential information can be exposed externally.
|
| CVE-2026-1681 |
|
Vulnerability in zephyrproject (CVE-2026-1681)
vulnerability in zephyrproject (CVE-2026-1681). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7256 |
|
OS Command Injection in zyxel (CVE-2026-7256)
OS command injection in zyxel (CVE-2026-7256). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7287 |
|
Vulnerability in dos (CVE-2026-7287)
vulnerability in dos (CVE-2026-7287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45430 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-45430)
vulnerability in csrf (CVE-2026-45430). Confidential information can be exposed externally.
|
| CVE-2026-40136 |
|
Vulnerability in CVE-2026-40136 (CVE-2026-40136)
vulnerability in CVE-2026-40136 (CVE-2026-40136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34263 |
|
Vulnerability in CVE-2026-34263 (CVE-2026-34263)
vulnerability in CVE-2026-34263 (CVE-2026-34263). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40129 |
|
Code Injection in CVE-2026-40129 (CVE-2026-40129)
code injection in CVE-2026-40129 (CVE-2026-40129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40132 |
|
Vulnerability in CVE-2026-40132 (CVE-2026-40132)
vulnerability in CVE-2026-40132 (CVE-2026-40132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40133 |
|
Vulnerability in CVE-2026-40133 (CVE-2026-40133)
vulnerability in CVE-2026-40133 (CVE-2026-40133). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40134 |
|
Vulnerability in CVE-2026-40134 (CVE-2026-40134)
vulnerability in CVE-2026-40134 (CVE-2026-40134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40131 |
|
SQL Injection in sqli (CVE-2026-40131)
SQL injection in sqli (CVE-2026-40131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40135 |
|
Command Injection in sap (CVE-2026-40135)
command injection in sap (CVE-2026-40135). Data can be tampered with by attackers.
|
| CVE-2026-40137 |
|
Cross-Site Scripting (XSS) in CVE-2026-40137 (CVE-2026-40137)
cross-site scripting in CVE-2026-40137 (CVE-2026-40137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34260 |
|
SQL Injection in sqli (CVE-2026-34260)
SQL injection in sqli (CVE-2026-34260). Confidential information can be exposed externally.
|
| CVE-2026-34259 |
|
Command Injection in CVE-2026-34259 (CVE-2026-34259)
command injection in CVE-2026-34259 (CVE-2026-34259). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27682 |
|
Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0502 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-0502)
vulnerability in csrf (CVE-2026-0502). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34258 |
|
Vulnerability in CVE-2026-34258 (CVE-2026-34258)
vulnerability in CVE-2026-34258 (CVE-2026-34258). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22796 |
|
Vulnerability in jvn (CVE-2026-22796)
vulnerability in jvn (CVE-2026-22796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45391 |
|
Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
|
| CVE-2026-45392 |
|
Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
|
| CVE-2026-45393 |
|
Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
|
| CVE-2026-45362 |
|
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
|
| CVE-2026-8349 |
|
Buffer Overflow in github.com/omec-project/amf (CVE-2026-8349)
vulnerability in github.com/omec-project/amf (CVE-2026-8349). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8345 |
|
Vulnerability in dlink (CVE-2026-8345)
vulnerability in dlink (CVE-2026-8345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8346 |
|
Vulnerability in dlink (CVE-2026-8346)
vulnerability in dlink (CVE-2026-8346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34963 |
|
Vulnerability in c (CVE-2026-34963)
vulnerability in c (CVE-2026-34963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34962 |
|
Vulnerability in c (CVE-2026-34962)
vulnerability in c (CVE-2026-34962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45321 KEV |
|
[KEV] Vulnerability in @tanstack/arktype-adapter (CVE-2026-45321)
vulnerability in @tanstack/arktype-adapter (CVE-2026-45321). Successful exploitation can lead to full system takeover. Exploitable via ``pull_request_target``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.166.16` or later.
|
| CVE-2026-43913 |
|
Authorization Flaw in dani-garcia (CVE-2026-43913)
vulnerability in dani-garcia (CVE-2026-43913). Data can be tampered with by attackers. Exploitable via `POST /api/ciphers/purge`. Mitigation: upgrade to `1.35.5` or later.
|
| CVE-2026-43901 |
|
Path Traversal in wireshark-mcp (CVE-2026-43901)
path traversal in wireshark-mcp (CVE-2026-43901). Confidential information can be exposed externally. Exploitable via ``wireshark_export_objects``.
|
| CVE-2026-43912 |
|
Vulnerability in dani-garcia (CVE-2026-43912)
vulnerability in dani-garcia (CVE-2026-43912). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.5` or later.
|