Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12602 |
|
Vulnerability in c (CVE-2026-12602)
vulnerability in c (CVE-2026-12602). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10561 |
|
Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33128 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-33128)
cross-site scripting in ibm (CVE-2025-33128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12581 |
|
Vulnerability in csharp (CVE-2026-12581)
vulnerability in csharp (CVE-2026-12581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12580 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2026-12580)
cross-site scripting in csharp (CVE-2026-12580). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-45795 |
|
Cross-Site Scripting (XSS) in CVE-2023-45795 (CVE-2023-45795)
cross-site scripting in CVE-2023-45795 (CVE-2023-45795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56397 |
|
Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
cross-site scripting in CVE-2026-56397 (CVE-2026-56397). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56395 |
|
Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
cross-site scripting in CVE-2026-56395 (CVE-2026-56395). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56393 |
|
Cross-Site Scripting (XSS) in CVE-2026-56393 (CVE-2026-56393)
cross-site scripting in CVE-2026-56393 (CVE-2026-56393). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.17.0-beta.1` or later.
|
| CVE-2026-56382 |
|
Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56383 |
|
Cross-Site Scripting (XSS) in CVE-2026-56383 (CVE-2026-56383)
cross-site scripting in CVE-2026-56383 (CVE-2026-56383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.16.19` or later.
|
| CVE-2026-56381 |
|
Cross-Site Scripting (XSS) in CVE-2026-56381 (CVE-2026-56381)
cross-site scripting in CVE-2026-56381 (CVE-2026-56381). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56367 |
|
Out-of-Bounds Read in c (CVE-2026-56367)
vulnerability in c (CVE-2026-56367). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12789 |
|
Vulnerability in sqli (CVE-2026-12789)
vulnerability in sqli (CVE-2026-12789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12775 |
|
Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12776 |
|
Vulnerability in sqli (CVE-2026-12776)
vulnerability in sqli (CVE-2026-12776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56346 |
|
Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56347 |
|
Cross-Site Scripting (XSS) in CVE-2026-56347 (CVE-2026-56347)
cross-site scripting in CVE-2026-56347 (CVE-2026-56347). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56341 |
|
Vulnerability in csharp (CVE-2026-56341)
vulnerability in csharp (CVE-2026-56341). Confidential information can be exposed externally.
|
| CVE-2026-56342 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-56342 (CVE-2026-56342)
SSRF in CVE-2026-56342 (CVE-2026-56342). Confidential information can be exposed externally.
|
| CVE-2026-56345 |
|
Authentication Bypass in CVE-2026-56345 (CVE-2026-56345)
authentication bypass in CVE-2026-56345 (CVE-2026-56345). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71331 |
|
Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48908 KEV |
|
[KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-48939 |
|
Unrestricted File Upload in joomlic (CVE-2026-48939)
vulnerability in joomlic (CVE-2026-48939). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12119 |
|
Vulnerability in wordpress (CVE-2026-12119)
vulnerability in wordpress (CVE-2026-12119). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-55878 |
|
Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-55877 |
|
Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-50559 |
|
Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
|
| CVE-2026-55206 |
|
Vulnerability in py7zr (CVE-2026-55206)
vulnerability in py7zr (CVE-2026-55206). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.3` or later.
|
| CVE-2026-55195 |
|
Vulnerability in py7zr (CVE-2026-55195)
vulnerability in py7zr (CVE-2026-55195). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``. Mitigation: upgrade to `1.1.3` or later.
|
| CVE-2026-55791 |
|
Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
|
| CVE-2026-54074 |
|
Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
|
| CVE-2026-54911 |
|
Vulnerability in ujson (CVE-2026-54911)
vulnerability in ujson (CVE-2026-54911). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.13.0` or later.
|
| CVE-2026-54906 |
|
Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54905 |
|
Vulnerability in concurrent-ruby (CVE-2026-54905)
vulnerability in concurrent-ruby (CVE-2026-54905). Confidential information can be exposed externally. Exploitable via ``WRITE_LOCK_HELD``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54904 |
|
Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54903 |
|
Vulnerability in oj (CVE-2026-54903)
vulnerability in oj (CVE-2026-54903). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54902 |
|
Use-After-Free in oj (CVE-2026-54902)
vulnerability in oj (CVE-2026-54902). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_end``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54901 |
|
Use-After-Free in oj (CVE-2026-54901)
vulnerability in oj (CVE-2026-54901). Risk of unauthorized operations or information disclosure. Exploitable via ``array_class``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54900 |
|
Vulnerability in oj (CVE-2026-54900)
vulnerability in oj (CVE-2026-54900). Risk of unauthorized operations or information disclosure. Exploitable via ``create_id``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54784 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54784)
vulnerability in CoreWCF.Primitives (CVE-2026-54784). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54783 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54783)
vulnerability in CoreWCF.Primitives (CVE-2026-54783). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54782 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54782)
vulnerability in CoreWCF.Primitives (CVE-2026-54782). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54781 |
|
Authentication Bypass in CoreWCF.Primitives (CVE-2026-54781)
authentication bypass in CoreWCF.Primitives (CVE-2026-54781). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54780 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54780)
vulnerability in CoreWCF.Primitives (CVE-2026-54780). Risk of unauthorized operations or information disclosure. Exploitable via ``SignatureMethod``. Mitigation: upgrade to `1.9.1` or later.
|