Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-49260 |
|
OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
|
| CVE-2026-52910 |
|
Out-of-Bounds Read in c (CVE-2026-52910)
vulnerability in c (CVE-2026-52910). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54353 |
|
Vulnerability in c (CVE-2023-54353)
vulnerability in c (CVE-2023-54353). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49358 |
|
Vulnerability in pontedilana/php-weasyprint (CVE-2026-49358)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49358). Risk of unauthorized operations or information disclosure. Exploitable via ``realpath``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-55767 |
|
Vulnerability in guzzlehttp/guzzle (CVE-2026-55767)
vulnerability in guzzlehttp/guzzle (CVE-2026-55767). Risk of unauthorized operations or information disclosure. Exploitable via ``CookieJar``. Mitigation: upgrade to `7.12.1` or later.
|
| CVE-2026-55766 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-55766)
vulnerability in guzzlehttp/psr7 (CVE-2026-55766). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `2.12.1` or later.
|
| CVE-2026-55568 |
|
Vulnerability in guzzlehttp/guzzle (CVE-2026-55568)
vulnerability in guzzlehttp/guzzle (CVE-2026-55568). Confidential information can be exposed externally. Exploitable via ``proxy``. Mitigation: upgrade to `7.12.1` or later.
|
| CVE-2026-56132 |
|
Vulnerability in c (CVE-2026-56132)
vulnerability in c (CVE-2026-56132). Confidential information can be exposed externally.
|
| CVE-2026-8713 |
|
Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
|
| CVE-2026-54414 |
|
Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
|
| CVE-2026-8118 |
|
Vulnerability in wordpress (CVE-2026-8118)
vulnerability in wordpress (CVE-2026-8118). Confidential information can be exposed externally.
|
| CVE-2026-7515 |
|
Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
|
| CVE-2026-12048 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
|
| CVE-2026-12047 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12047)
cross-site scripting in react (CVE-2026-12047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12049 |
|
Open Redirect in pgadmin (CVE-2026-12049)
vulnerability in pgadmin (CVE-2026-12049). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22674 |
|
Cross-Site Scripting (XSS) in CVE-2026-22674 (CVE-2026-22674)
cross-site scripting in CVE-2026-22674 (CVE-2026-22674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56099 |
|
Out-of-Bounds Read in c (CVE-2026-56099)
vulnerability in c (CVE-2026-56099). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15661 |
|
Out-of-Bounds Read in c (CVE-2025-15661)
vulnerability in c (CVE-2025-15661). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48937 |
|
Vulnerability in CVE-2026-48937 (CVE-2026-48937)
vulnerability in CVE-2026-48937 (CVE-2026-48937). Risk of unauthorized operations or information disclosure. Exploitable via ``GOAWAY``.
|
| CVE-2026-49257 |
|
Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-44663 |
|
Vulnerability in cpp (CVE-2026-44663)
vulnerability in cpp (CVE-2026-44663). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48716 |
|
Path Traversal in CVE-2026-48716 (CVE-2026-48716)
path traversal in CVE-2026-48716 (CVE-2026-48716). Data can be tampered with by attackers.
|
| CVE-2026-43915 |
|
Cross-Site Scripting (XSS) in coturn-project (CVE-2026-43915)
cross-site scripting in coturn-project (CVE-2026-43915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48617 |
|
Vulnerability in CVE-2026-48617 (CVE-2026-48617)
vulnerability in CVE-2026-48617 (CVE-2026-48617). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38716 |
|
Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38714 |
|
Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54419 |
|
SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40457 |
|
Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42487 |
|
Vulnerability in c (CVE-2026-42487)
vulnerability in c (CVE-2026-42487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54219 |
|
Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54221 |
|
Cross-Site Scripting (XSS) in CVE-2026-54221 (CVE-2026-54221)
cross-site scripting in CVE-2026-54221 (CVE-2026-54221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40455 |
|
SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11958 |
|
Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55661 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55661)
cross-site scripting in tinacms (CVE-2026-55661). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-55602 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55602)
vulnerability in http-proxy-middleware (CVE-2026-55602). Data can be tampered with by attackers. Exploitable via ``router``. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9815 |
|
Vulnerability in wordpress (CVE-2026-9815)
vulnerability in wordpress (CVE-2026-9815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55740 |
|
SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48768 |
|
Path Traversal in CVE-2026-48768 (CVE-2026-48768)
path traversal in CVE-2026-48768 (CVE-2026-48768). Data can be tampered with by attackers. Exploitable via `POST /api/blocks/file-input/v3/generate-upload-url`.
|