Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41156 |
|
Use-After-Free in CVE-2026-41156 (CVE-2026-41156)
vulnerability in CVE-2026-41156 (CVE-2026-41156). Data can be tampered with by attackers.
|
| CVE-2026-34192 |
|
Use-After-Free in CVE-2026-34192 (CVE-2026-34192)
vulnerability in CVE-2026-34192 (CVE-2026-34192). Data can be tampered with by attackers.
|
| CVE-2026-56138 |
|
Path Traversal in path-traversal (CVE-2026-56138)
path traversal in path-traversal (CVE-2026-56138). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11576 |
|
Vulnerability in eclipse (CVE-2026-11576)
vulnerability in eclipse (CVE-2026-11576). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46461 |
|
Vulnerability in dell (CVE-2026-46461)
vulnerability in dell (CVE-2026-46461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6798 |
|
Vulnerability in wordpress (CVE-2026-6798)
vulnerability in wordpress (CVE-2026-6798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3640 |
|
Vulnerability in wordpress (CVE-2026-3640)
vulnerability in wordpress (CVE-2026-3640). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4328 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-4328)
SSRF in wordpress (CVE-2026-4328). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9013 |
|
Vulnerability in wordpress (CVE-2026-9013)
vulnerability in wordpress (CVE-2026-9013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54414 |
|
Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
|
| CVE-2026-7547 |
|
Path Traversal in wordpress (CVE-2026-7547)
path traversal in wordpress (CVE-2026-7547). Confidential information can be exposed externally.
|
| CVE-2026-8713 |
|
Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
|
| CVE-2026-12430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12430)
cross-site scripting in wordpress (CVE-2026-12430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1856 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1856)
cross-site scripting in wordpress (CVE-2026-1856). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12157 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12157)
cross-site scripting in wordpress (CVE-2026-12157). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56131 |
|
Use-After-Free in libexpat-project (CVE-2026-56131)
vulnerability in libexpat-project (CVE-2026-56131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7515 |
|
Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
|
| CVE-2026-8118 |
|
Vulnerability in wordpress (CVE-2026-8118)
vulnerability in wordpress (CVE-2026-8118). Confidential information can be exposed externally.
|
| CVE-2026-11989 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11989)
SSRF in wordpress (CVE-2026-11989). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10034 |
|
Vulnerability in wordpress (CVE-2026-10034)
vulnerability in wordpress (CVE-2026-10034). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10779 |
|
Vulnerability in wordpress (CVE-2026-10779)
vulnerability in wordpress (CVE-2026-10779). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10720 |
|
Vulnerability in github.com/canonical/microceph/microceph (CVE-2026-10720)
vulnerability in github.com/canonical/microceph/microceph (CVE-2026-10720). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.0-20260609072127-5c2760d8fb76` or later.
|
| CVE-2026-11775 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11775)
vulnerability in wordpress (CVE-2026-11775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8805 |
|
Vulnerability in dos (CVE-2026-8805)
vulnerability in dos (CVE-2026-8805). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50195 |
|
Vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195)
vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195). Successful exploitation can lead to full system takeover. Exploitable via ``IfNotPresent``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-12049 |
|
Open Redirect in pgadmin (CVE-2026-12049)
vulnerability in pgadmin (CVE-2026-12049). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52866 |
|
Vulnerability in CVE-2026-52866 (CVE-2026-52866)
vulnerability in CVE-2026-52866 (CVE-2026-52866). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12048 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
|
| CVE-2026-12047 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12047)
cross-site scripting in react (CVE-2026-12047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12050 |
|
SQL Injection in sqli (CVE-2026-12050)
SQL injection in sqli (CVE-2026-12050). Risk of unauthorized operations or information disclosure. Exploitable via `POST /browser/server/restore_point/{gid}/{sid}`.
|
| CVE-2026-12045 |
|
Command Injection in pgadmin (CVE-2026-12045)
command injection in pgadmin (CVE-2026-12045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12044 |
|
SQL Injection in sqli (CVE-2026-12044)
SQL injection in sqli (CVE-2026-12044). Successful exploitation can lead to full system takeover. Exploitable via ``qtLiteral``.
|
| CVE-2026-56077 |
|
Vulnerability in CVE-2026-56077 (CVE-2026-56077)
vulnerability in CVE-2026-56077 (CVE-2026-56077). Confidential information can be exposed externally.
|
| CVE-2026-56075 |
|
Authorization Flaw in CVE-2026-56075 (CVE-2026-56075)
vulnerability in CVE-2026-56075 (CVE-2026-56075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56074 |
|
Authorization Flaw in praisonai (CVE-2026-56074)
vulnerability in praisonai (CVE-2026-56074). Confidential information can be exposed externally. Exploitable via ``execute_command``. Mitigation: upgrade to `4.5.128` or later.
|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-56078 |
|
Path Traversal in praisonai (CVE-2026-56078)
path traversal in praisonai (CVE-2026-56078). Successful exploitation can lead to full system takeover. Exploitable via ``MultiAgentLedger``. Mitigation: upgrade to `1.5.115` or later.
|
| CVE-2026-8100 |
|
Vulnerability in CVE-2026-8100 (CVE-2026-8100)
vulnerability in CVE-2026-8100 (CVE-2026-8100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54130 |
|
Vulnerability in microsoft (CVE-2026-54130)
vulnerability in microsoft (CVE-2026-54130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47633 |
|
Information Disclosure in microsoft (CVE-2026-47633)
vulnerability in microsoft (CVE-2026-47633). Confidential information can be exposed externally.
|
| CVE-2026-47647 |
|
Vulnerability in microsoft (CVE-2026-47647)
vulnerability in microsoft (CVE-2026-47647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49205 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-49205)
vulnerability in thorsten/phpmyfaq (CVE-2026-49205). Confidential information can be exposed externally. Exploitable via `POST /api/v4.0/category`. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2026-32174 |
|
Authentication Bypass in microsoft (CVE-2026-32174)
authentication bypass in microsoft (CVE-2026-32174). Data can be tampered with by attackers.
|
| CVE-2026-22674 |
|
Cross-Site Scripting (XSS) in CVE-2026-22674 (CVE-2026-22674)
cross-site scripting in CVE-2026-22674 (CVE-2026-22674). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15661 |
|
Out-of-Bounds Read in c (CVE-2025-15661)
vulnerability in c (CVE-2025-15661). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56099 |
|
Out-of-Bounds Read in c (CVE-2026-56099)
vulnerability in c (CVE-2026-56099). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48937 |
|
Vulnerability in CVE-2026-48937 (CVE-2026-48937)
vulnerability in CVE-2026-48937 (CVE-2026-48937). Risk of unauthorized operations or information disclosure. Exploitable via ``GOAWAY``.
|
| CVE-2026-12390 |
|
Vulnerability in CVE-2026-12390 (CVE-2026-12390)
vulnerability in CVE-2026-12390 (CVE-2026-12390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47833 |
|
Vulnerability in privilege-escalation (CVE-2026-47833)
vulnerability in privilege-escalation (CVE-2026-47833). Confidential information can be exposed externally.
|
| CVE-2026-49257 |
|
Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
|