Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56319 |
|
Vulnerability in CVE-2026-56319 (CVE-2026-56319)
vulnerability in CVE-2026-56319 (CVE-2026-56319). Risk of unauthorized operations or information disclosure. Exploitable via `GET /statistics/app/`.
|
| CVE-2026-56307 |
|
Vulnerability in CVE-2026-56307 (CVE-2026-56307)
vulnerability in CVE-2026-56307 (CVE-2026-56307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56282 |
|
Information Disclosure in CVE-2026-56282 (CVE-2026-56282)
vulnerability in CVE-2026-56282 (CVE-2026-56282). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71331 |
|
Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56267 |
|
Information Disclosure in CVE-2026-56267 (CVE-2026-56267)
vulnerability in CVE-2026-56267 (CVE-2026-56267). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/account/forgot-password`.
|
| CVE-2026-56235 |
|
Information Disclosure in CVE-2026-56235 (CVE-2026-56235)
vulnerability in CVE-2026-56235 (CVE-2026-56235). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56218 |
|
Information Disclosure in CVE-2026-56218 (CVE-2026-56218)
vulnerability in CVE-2026-56218 (CVE-2026-56218). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56227 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-56227 (CVE-2026-56227)
SSRF in CVE-2026-56227 (CVE-2026-56227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56228 |
|
Vulnerability in dos (CVE-2026-56228)
vulnerability in dos (CVE-2026-56228). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58351 |
|
Code Injection in dos (CVE-2024-58351)
code injection in dos (CVE-2024-58351). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12673 |
|
Vulnerability in privilege-escalation (CVE-2026-12673)
vulnerability in privilege-escalation (CVE-2026-12673). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48909 |
|
Unsafe Deserialization in CVE-2026-48909 (CVE-2026-48909)
vulnerability in CVE-2026-48909 (CVE-2026-48909). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48908 KEV |
|
[KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-48939 |
|
Unrestricted File Upload in joomlic (CVE-2026-48939)
vulnerability in joomlic (CVE-2026-48939). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12119 |
|
Vulnerability in wordpress (CVE-2026-12119)
vulnerability in wordpress (CVE-2026-12119). Data can be tampered with by attackers.
|
| CVE-2026-11912 |
|
Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-9265 |
|
Out-of-Bounds Read in CVE-2026-9265 (CVE-2026-9265)
vulnerability in CVE-2026-9265 (CVE-2026-9265). Confidential information can be exposed externally.
|
| CVE-2026-56216 |
|
Privilege Escalation in CVE-2026-56216 (CVE-2026-56216)
vulnerability in CVE-2026-56216 (CVE-2026-56216). Successful exploitation can lead to full system takeover. Exploitable via `POST /functions/v1/apikey`.
|
| CVE-2026-56212 |
|
Privilege Escalation in CVE-2026-56212 (CVE-2026-56212)
vulnerability in CVE-2026-56212 (CVE-2026-56212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56214 |
|
Information Disclosure in CVE-2026-56214 (CVE-2026-56214)
vulnerability in CVE-2026-56214 (CVE-2026-56214). Confidential information can be exposed externally.
|
| CVE-2026-56213 |
|
Vulnerability in CVE-2026-56213 (CVE-2026-56213)
vulnerability in CVE-2026-56213 (CVE-2026-56213). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56082 |
|
Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
|
| CVE-2026-56080 |
|
Authentication Bypass in dos (CVE-2026-56080)
authentication bypass in dos (CVE-2026-56080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56079 |
|
Information Disclosure in CVE-2026-56079 (CVE-2026-56079)
vulnerability in CVE-2026-56079 (CVE-2026-56079). Confidential information can be exposed externally.
|
| CVE-2026-55878 |
|
Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-55877 |
|
Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-32208 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42895 |
|
Command Injection in microsoft (CVE-2026-42895)
command injection in microsoft (CVE-2026-42895). Data can be tampered with by attackers.
|
| CVE-2026-47645 |
|
Open Redirect in microsoft (CVE-2026-47645)
vulnerability in microsoft (CVE-2026-47645). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48582 |
|
Vulnerability in microsoft (CVE-2026-48582)
vulnerability in microsoft (CVE-2026-48582). Confidential information can be exposed externally.
|
| CVE-2026-9375 |
|
Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
|
| CVE-2026-45480 |
|
Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50519 |
|
Vulnerability in microsoft (CVE-2026-50519)
vulnerability in microsoft (CVE-2026-50519). Confidential information can be exposed externally.
|
| CVE-2026-48584 |
|
Vulnerability in microsoft (CVE-2026-48584)
vulnerability in microsoft (CVE-2026-48584). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-12726 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-12726 (CVE-2026-12726)
SSRF in CVE-2026-12726 (CVE-2026-12726). Confidential information can be exposed externally.
|
| CVE-2026-12238 |
|
Vulnerability in wordpress (CVE-2026-12238)
vulnerability in wordpress (CVE-2026-12238). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27878 |
|
Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55447 |
|
Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-55446 |
|
Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
|
| CVE-2026-50559 |
|
Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
|
| CVE-2026-48794 |
|
Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794). Risk of unauthorized operations or information disclosure. Exploitable via ``a.b.example.com``. Mitigation: upgrade to `4.39.20` or later.
|
| CVE-2026-49337 |
|
Vulnerability in CVE-2026-49337 (CVE-2026-49337)
vulnerability in CVE-2026-49337 (CVE-2026-49337). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49295 |
|
Out-of-Bounds Write in struktur (CVE-2026-49295)
out-of-bounds write in struktur (CVE-2026-49295). Risk of unauthorized operations or information disclosure. Exploitable via ``PocStFoll``.
|
| CVE-2026-49346 |
|
Vulnerability in struktur (CVE-2026-49346)
vulnerability in struktur (CVE-2026-49346). Risk of unauthorized operations or information disclosure. Exploitable via ``size_t``.
|