Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-7380 |
|
Vulnerability in CVE-2026-7380 (CVE-2026-7380)
vulnerability in CVE-2026-7380 (CVE-2026-7380). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36321 |
|
Vulnerability in ibm (CVE-2025-36321)
vulnerability in ibm (CVE-2025-36321). Confidential information can be exposed externally.
|
| CVE-2026-50229 |
|
Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64637 |
|
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
|
| CVE-2026-13314 |
|
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
|
| CVE-2026-13225 |
|
Vulnerability in CVE-2026-13225 (CVE-2026-13225)
vulnerability in CVE-2026-13225 (CVE-2026-13225). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57533 |
|
Vulnerability in CVE-2026-57533 (CVE-2026-57533)
vulnerability in CVE-2026-57533 (CVE-2026-57533). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57535 |
|
Vulnerability in ssrf (CVE-2026-57535)
vulnerability in ssrf (CVE-2026-57535). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57532 |
|
Vulnerability in CVE-2026-57532 (CVE-2026-57532)
vulnerability in CVE-2026-57532 (CVE-2026-57532). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57534 |
|
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
|
| CVE-2026-52816 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2025-62198 |
|
Vulnerability in apache (CVE-2025-62198)
vulnerability in apache (CVE-2025-62198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12812 |
|
Vulnerability in CVE-2026-12812 (CVE-2026-12812)
vulnerability in CVE-2026-12812 (CVE-2026-12812). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71331 |
|
Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50146 |
|
Vulnerability in astro (CVE-2026-50146)
vulnerability in astro (CVE-2026-50146). Data can be tampered with by attackers. Exploitable via ``astro.config.mjs``. Mitigation: upgrade to `6.3.3` or later.
|
| CVE-2026-34033 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-34033)
cross-site scripting in apache (CVE-2026-34033). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11511 |
|
Vulnerability in CVE-2026-11511 (CVE-2026-11511)
vulnerability in CVE-2026-11511 (CVE-2026-11511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9646 |
|
A reflected cross-site scripting issue exists in URL handling.
A reflected cross-site scripting issue exists in URL handling.
|
| CVE-2026-44839 |
|
Vulnerability in rabbitmq (CVE-2026-44839)
vulnerability in rabbitmq (CVE-2026-44839). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-39642 |
|
Vulnerability in CVE-2026-39642 (CVE-2026-39642)
vulnerability in CVE-2026-39642 (CVE-2026-39642). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71310 |
|
Vulnerability in CVE-2025-71310 (CVE-2025-71310)
vulnerability in CVE-2025-71310 (CVE-2025-71310). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46492 |
|
Vulnerability in md-fileserver (CVE-2026-46492)
vulnerability in md-fileserver (CVE-2026-46492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.3` or later.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45346 |
|
Vulnerability in open-webui (CVE-2026-45346)
vulnerability in open-webui (CVE-2026-45346). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.31` or later.
|
| CVE-2025-15345 |
|
Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44369 |
|
Vulnerability in CVE-2026-44369 (CVE-2026-44369)
vulnerability in CVE-2026-44369 (CVE-2026-44369). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.64.0` or later.
|
| CVE-2026-44259 |
|
Vulnerability in CVE-2026-44259 (CVE-2026-44259)
vulnerability in CVE-2026-44259 (CVE-2026-44259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-41611 |
|
Command Injection in microsoft (CVE-2026-41611)
command injection in microsoft (CVE-2026-41611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43938 |
|
Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2021-47948 |
|
Vulnerability in wordpress (CVE-2021-47948)
vulnerability in wordpress (CVE-2021-47948). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20170 |
|
Vulnerability in Cisco webex-contact-center (CVE-2026-20170)
vulnerability in Cisco webex-contact-center (CVE-2026-20170). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42451 |
|
Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
|
| CVE-2026-42030 |
|
Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41575 |
|
Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44264 |
|
Cross-Site Scripting (XSS) in weblate (CVE-2026-44264)
cross-site scripting in weblate (CVE-2026-44264). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2025-13505 |
|
Cross-Site Scripting (XSS) in datateam (CVE-2025-13505)
cross-site scripting in datateam (CVE-2025-13505). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-51989 |
|
Vulnerability in CVE-2025-51989 (CVE-2025-51989)
vulnerability in CVE-2025-51989 (CVE-2025-51989). Confidential information can be exposed externally.
|
| CVE-2024-11404 |
|
Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
|
| CVE-2024-9147 |
|
Vulnerability in bna (CVE-2024-9147)
vulnerability in bna (CVE-2024-9147). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-2010 |
|
Cross-Site Scripting (XSS) in tebilisim (CVE-2024-2010)
cross-site scripting in tebilisim (CVE-2024-2010). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-13965 KEV |
|
[KEV] Vulnerability in Roundcube webmail (CVE-2020-13965)
vulnerability in Roundcube webmail (CVE-2020-13965). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-4663 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2023-4663)
cross-site scripting in adobe (CVE-2023-4663). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-1013 |
|
Vulnerability in dizayn (CVE-2023-1013)
vulnerability in dizayn (CVE-2023-1013). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-44197 |
|
Cross-Site Scripting (XSS) in ubit (CVE-2021-44197)
cross-site scripting in ubit (CVE-2021-44197). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-44196 |
|
Cross-Site Scripting (XSS) in ubit (CVE-2021-44196)
cross-site scripting in ubit (CVE-2021-44196). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35278 |
|
Cross-Site Scripting (XSS) in org.apache.activemq:artemis-server (CVE-2022-35278)
cross-site scripting in org.apache.activemq:artemis-server (CVE-2022-35278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2022-35509 |
|
Cross-Site Scripting (XSS) in eyoucms (CVE-2022-35509)
cross-site scripting in eyoucms (CVE-2022-35509). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-19943 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Qnap network-attached-storage-nas (CVE-2018-19943)
cross-site scripting in Qnap network-attached-storage-nas (CVE-2018-19943). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|