Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-35011 |
|
Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35012 |
|
Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35013 |
|
Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35014 |
|
Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35015 |
|
Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35007 |
|
Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35008 |
|
Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2813 |
|
Open Redirect in esri (CVE-2026-2813)
vulnerability in esri (CVE-2026-2813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33137 |
|
Vulnerability in org.xwiki.platform:xwiki-platform-rest-server (CVE-2026-33137)
vulnerability in org.xwiki.platform:xwiki-platform-rest-server (CVE-2026-33137). Risk of unauthorized operations or information disclosure. Exploitable via `POST /wikis/{wikiName}`. Mitigation: upgrade to `18.1.0-rc-1` or later.
|
| CVE-2026-24188 |
|
Out-of-Bounds Write in CVE-2026-24188 (CVE-2026-24188)
out-of-bounds write in CVE-2026-24188 (CVE-2026-24188). Data can be tampered with by attackers.
|
| CVE-2026-23734 |
|
Vulnerability in org.xwiki.commons:xwiki-commons-classloader-api (CVE-2026-23734)
vulnerability in org.xwiki.commons:xwiki-commons-classloader-api (CVE-2026-23734). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.0.0-rc-1` or later.
|
| CVE-2026-24216 |
|
Unsafe Deserialization in dos (CVE-2026-24216)
vulnerability in dos (CVE-2026-24216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2812 |
|
Authentication Bypass in esri (CVE-2026-2812)
authentication bypass in esri (CVE-2026-2812). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26028 |
|
Vulnerability in cryptpad (CVE-2026-26028)
vulnerability in cryptpad (CVE-2026-26028). Risk of unauthorized operations or information disclosure. Exploitable via ``jscolor.js``.
|
| CVE-2026-24218 |
|
Vulnerability in dos (CVE-2026-24218)
vulnerability in dos (CVE-2026-24218). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20239 |
|
Vulnerability in splunk (CVE-2026-20239)
vulnerability in splunk (CVE-2026-20239). Successful exploitation can lead to full system takeover. Exploitable via ``_internal``.
|
| CVE-2026-20238 |
|
Authorization Flaw in splunk (CVE-2026-20238)
vulnerability in splunk (CVE-2026-20238). Confidential information can be exposed externally. Exploitable via ``srchFilter``.
|
| CVE-2026-20240 |
|
Vulnerability in dos (CVE-2026-20240)
vulnerability in dos (CVE-2026-20240). Risk of unauthorized operations or information disclosure. Exploitable via ``coldToFrozen.sh``.
|
| CVE-2026-30691 |
|
Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
cross-site scripting in @cyntler/react-doc-viewer (CVE-2026-30691). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9101 |
|
Vulnerability in CVE-2026-9101 (CVE-2026-9101)
vulnerability in CVE-2026-9101 (CVE-2026-9101). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9100 |
|
Vulnerability in c (CVE-2026-9100)
vulnerability in c (CVE-2026-9100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44923 |
|
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
|
| CVE-2026-44924 |
|
InfoScale VIOM 9.1.3 allows XSS.
InfoScale VIOM 9.1.3 allows XSS.
|
| CVE-2026-44925 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-44925)
vulnerability in csrf (CVE-2026-44925). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44926 |
|
InfoScale CmdServer before 7.4.2 mishandles access control.
InfoScale CmdServer before 7.4.2 mishandles access control.
|
| CVE-2026-9084 |
|
Authentication Bypass in CVE-2026-9084 (CVE-2026-9084)
authentication bypass in CVE-2026-9084 (CVE-2026-9084). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8486 |
|
Vulnerability in progress (CVE-2026-8486)
vulnerability in progress (CVE-2026-8486). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8488 |
|
Vulnerability in progress (CVE-2026-8488)
vulnerability in progress (CVE-2026-8488). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8487 |
|
Vulnerability in progress (CVE-2026-8487)
vulnerability in progress (CVE-2026-8487). Confidential information can be exposed externally.
|
| CVE-2026-4293 |
|
Cross-Site Scripting (XSS) in CVE-2026-4293 (CVE-2026-4293)
cross-site scripting in CVE-2026-4293 (CVE-2026-4293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5783 |
|
Cross-Site Scripting (XSS) in CVE-2026-5783 (CVE-2026-5783)
cross-site scripting in CVE-2026-5783 (CVE-2026-5783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39047 |
|
Vulnerability in CVE-2026-39047 (CVE-2026-39047)
vulnerability in CVE-2026-39047 (CVE-2026-39047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20199 |
|
Vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199)
vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20206 |
|
OS Command Injection in cisco (CVE-2026-20206)
OS command injection in cisco (CVE-2026-20206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20223 |
|
Vulnerability in Cisco secure-workload (CVE-2026-20223)
vulnerability in Cisco secure-workload (CVE-2026-20223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20171 |
|
Vulnerability in Cisco dos (CVE-2026-20171)
vulnerability in Cisco dos (CVE-2026-20171). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35672 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-56268 |
|
Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46430 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-46430)
vulnerability in github.com/xyproto/algernon (CVE-2026-46430). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Server.Addr``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45792 |
|
Vulnerability in rtk (CVE-2026-45792)
vulnerability in rtk (CVE-2026-45792). Data can be tampered with by attackers. Exploitable via ``strip_lines_matching``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-8467 |
|
Code Injection in phoenix_storybook (CVE-2026-8467)
code injection in phoenix_storybook (CVE-2026-8467). Risk of unauthorized operations or information disclosure. Exploitable via ``Kernel``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-8469 |
|
Vulnerability in phoenix_storybook (CVE-2026-8469)
vulnerability in phoenix_storybook (CVE-2026-8469). Risk of unauthorized operations or information disclosure. Exploitable via ``PhoenixStorybook.Story.Playground``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-22554 |
|
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
|
| CVE-2026-21836 |
|
Vulnerability in CVE-2026-21836 (CVE-2026-21836)
vulnerability in CVE-2026-21836 (CVE-2026-21836). Confidential information can be exposed externally.
|
| CVE-2026-45389 |
|
Vulnerability in tls (CVE-2026-45389)
vulnerability in tls (CVE-2026-45389). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.0, b1a598ef9be83a4f8b0f73a4e2d9730d50906049` or later.
|
| CVE-2026-45388 |
|
Vulnerability in tls (CVE-2026-45388)
vulnerability in tls (CVE-2026-45388). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.0, 6a12247b3fbd747972ad2d35b74d9a89f6404952` or later.
|
| CVE-2026-5946 |
|
Vulnerability in isc (CVE-2026-5946)
vulnerability in isc (CVE-2026-5946). Risk of unauthorized operations or information disclosure. Exploitable via ``named``.
|
| CVE-2026-5947 |
|
Vulnerability in isc (CVE-2026-5947)
vulnerability in isc (CVE-2026-5947). Risk of unauthorized operations or information disclosure.
|