Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-58049 |
|
FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes...
FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes...
|
| CVE-2026-8095 |
|
Vulnerability in wordpress (CVE-2026-8095)
vulnerability in wordpress (CVE-2026-8095). Data can be tampered with by attackers.
|
| CVE-2026-10643 |
|
Out-of-Bounds Write in c (CVE-2026-10643)
out-of-bounds write in c (CVE-2026-10643). Data can be tampered with by attackers.
|
| CVE-2026-49416 |
|
Vulnerability in freebsd (CVE-2026-49416)
vulnerability in freebsd (CVE-2026-49416). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11597 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11597)
cross-site scripting in wordpress (CVE-2026-11597). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11783 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11783)
cross-site scripting in wordpress (CVE-2026-11783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12399 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12399)
cross-site scripting in wordpress (CVE-2026-12399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13295 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13295)
cross-site scripting in wordpress (CVE-2026-13295). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3462 |
|
Vulnerability in wordpress (CVE-2026-3462)
vulnerability in wordpress (CVE-2026-3462). Data can be tampered with by attackers.
|
| CVE-2026-12432 |
|
Vulnerability in wordpress (CVE-2026-12432)
vulnerability in wordpress (CVE-2026-12432). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9233 |
|
Vulnerability in wordpress (CVE-2026-9233)
vulnerability in wordpress (CVE-2026-9233). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12471 |
|
Vulnerability in wordpress (CVE-2026-12471)
vulnerability in wordpress (CVE-2026-12471). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11773 |
|
Vulnerability in wordpress (CVE-2026-11773)
vulnerability in wordpress (CVE-2026-11773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11364 |
|
Vulnerability in wordpress (CVE-2026-11364)
vulnerability in wordpress (CVE-2026-11364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49417 |
|
Use-After-Free in dos (CVE-2026-49417)
vulnerability in dos (CVE-2026-49417). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49412 |
|
Use-After-Free in freebsd (CVE-2026-49412)
vulnerability in freebsd (CVE-2026-49412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45258 |
|
Out-of-Bounds Read in dos (CVE-2026-45258)
vulnerability in dos (CVE-2026-45258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13245 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13245)
cross-site scripting in wordpress (CVE-2026-13245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12404 |
|
Vulnerability in wordpress (CVE-2026-12404)
vulnerability in wordpress (CVE-2026-12404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12415 |
|
Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13422 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-13422)
vulnerability in wordpress (CVE-2026-13422). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-59868 |
|
Vulnerability in hcltech (CVE-2025-59868)
vulnerability in hcltech (CVE-2025-59868). Confidential information can be exposed externally.
|
| CVE-2026-13333 |
|
SQL Injection in wordpress (CVE-2026-13333)
SQL injection in wordpress (CVE-2026-13333). Confidential information can be exposed externally.
|
| CVE-2026-11356 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11356)
cross-site scripting in wordpress (CVE-2026-11356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13335 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13335)
cross-site scripting in wordpress (CVE-2026-13335). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13331 |
|
SQL Injection in wordpress (CVE-2026-13331)
SQL injection in wordpress (CVE-2026-13331). Confidential information can be exposed externally.
|
| CVE-2026-28701 |
|
Path Traversal in daktronics (CVE-2026-28701)
path traversal in daktronics (CVE-2026-28701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56414 |
|
Unrestricted File Upload in CVE-2026-56414 (CVE-2026-56414)
vulnerability in CVE-2026-56414 (CVE-2026-56414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33560 |
|
Unrestricted File Upload in daktronics (CVE-2026-33560)
vulnerability in daktronics (CVE-2026-33560). Data can be tampered with by attackers.
|
| CVE-2026-31928 |
|
Vulnerability in daktronics (CVE-2026-31928)
vulnerability in daktronics (CVE-2026-31928). Confidential information can be exposed externally.
|
| CVE-2026-36908 |
|
Vulnerability in dos (CVE-2026-36908)
vulnerability in dos (CVE-2026-36908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36907 |
|
Vulnerability in dos (CVE-2026-36907)
vulnerability in dos (CVE-2026-36907). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38571 |
|
Vulnerability in CVE-2026-38571 (CVE-2026-38571)
vulnerability in CVE-2026-38571 (CVE-2026-38571). Confidential information can be exposed externally.
|
| CVE-2026-50766 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50766)
cross-site scripting in koha (CVE-2026-50766). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50767 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50767)
cross-site scripting in koha (CVE-2026-50767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50765 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50765)
cross-site scripting in koha (CVE-2026-50765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36478 |
|
Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55700 |
|
Path Traversal in pnpm (CVE-2026-55700)
path traversal in pnpm (CVE-2026-55700). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55699 |
|
Path Traversal in pnpm (CVE-2026-55699)
path traversal in pnpm (CVE-2026-55699). Risk of unauthorized operations or information disclosure. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55698 |
|
Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55697 |
|
OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55487 |
|
Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
|
| CVE-2026-55180 |
|
Information Disclosure in pnpm (CVE-2026-55180)
vulnerability in pnpm (CVE-2026-55180). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-50015 |
|
Path Traversal in pnpm (CVE-2026-50015)
path traversal in pnpm (CVE-2026-50015). Data can be tampered with by attackers. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50017 |
|
Information Disclosure in pnpm (CVE-2026-50017)
vulnerability in pnpm (CVE-2026-50017). Confidential information can be exposed externally. Exploitable via ``_authToken``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50016 |
|
Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50014 |
|
Vulnerability in pnpm (CVE-2026-50014)
vulnerability in pnpm (CVE-2026-50014). Confidential information can be exposed externally. Exploitable via ``resolution.commit``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-53577 |
|
Authorization Flaw in kestra (CVE-2026-53577)
vulnerability in kestra (CVE-2026-53577). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file/preview`. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-49984 |
|
Path Traversal in kestra (CVE-2026-49984)
path traversal in kestra (CVE-2026-49984). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file`. Mitigation: upgrade to `1.0.45` or later.
|