Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5068 |
|
Out-of-Bounds Write in c (CVE-2026-5068)
out-of-bounds write in c (CVE-2026-5068). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8981 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8981)
cross-site scripting in wordpress (CVE-2026-8981). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9662 |
|
Vulnerability in wordpress (CVE-2026-9662)
vulnerability in wordpress (CVE-2026-9662). Successful exploitation can lead to full system takeover. Exploitable via ``tpf``.
|
| CVE-2026-8907 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8907)
vulnerability in wordpress (CVE-2026-8907). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8940 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8940)
vulnerability in wordpress (CVE-2026-8940). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8895 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8895)
cross-site scripting in wordpress (CVE-2026-8895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7662 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7662)
cross-site scripting in wordpress (CVE-2026-7662). Risk of unauthorized operations or information disclosure. Exploitable via ``epaperflip_embed``.
|
| CVE-2026-8499 |
|
Vulnerability in wordpress (CVE-2026-8499)
vulnerability in wordpress (CVE-2026-8499). Risk of unauthorized operations or information disclosure. Exploitable via ``token``.
|
| CVE-2026-41846 |
|
Cross-Site Scripting (XSS) in spring (CVE-2026-41846)
cross-site scripting in spring (CVE-2026-41846). Confidential information can be exposed externally.
|
| CVE-2026-41845 |
|
Cross-Site Scripting (XSS) in spring (CVE-2026-41845)
cross-site scripting in spring (CVE-2026-41845). Confidential information can be exposed externally.
|
| CVE-2026-11603 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11603)
cross-site scripting in wordpress (CVE-2026-11603). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11623 |
|
Buffer Overflow in c (CVE-2026-11623)
vulnerability in c (CVE-2026-11623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11619 |
|
Vulnerability in CVE-2026-11619 (CVE-2026-11619)
vulnerability in CVE-2026-11619 (CVE-2026-11619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11618 |
|
Authentication Bypass in CVE-2026-11618 (CVE-2026-11618)
authentication bypass in CVE-2026-11618 (CVE-2026-11618). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44746 |
|
Cross-Site Scripting (XSS) in CVE-2026-44746 (CVE-2026-44746)
cross-site scripting in CVE-2026-44746 (CVE-2026-44746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40128 |
|
Vulnerability in path-traversal (CVE-2026-40128)
vulnerability in path-traversal (CVE-2026-40128). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11693 |
|
Vulnerability in c (CVE-2026-11693)
vulnerability in c (CVE-2026-11693). Confidential information can be exposed externally.
|
| CVE-2026-11691 |
|
Vulnerability in c (CVE-2026-11691)
vulnerability in c (CVE-2026-11691). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47734 |
|
Vulnerability in dulwich (CVE-2026-47734)
vulnerability in dulwich (CVE-2026-47734). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-47712 |
|
Path Traversal in dulwich (CVE-2026-47712)
path traversal in dulwich (CVE-2026-47712). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-47244 |
|
Vulnerability in io.netty:netty-codec-http2 (CVE-2026-47244)
vulnerability in io.netty:netty-codec-http2 (CVE-2026-47244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45536 |
|
Information Disclosure in io.netty:netty-transport-native-epoll (CVE-2026-45536)
vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-45536). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45034 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-45034)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-45034). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_url``. Mitigation: upgrade to `1.30.5` or later.
|
| CVE-2026-11585 |
|
Vulnerability in sqli (CVE-2026-11585)
vulnerability in sqli (CVE-2026-11585). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11584 |
|
Vulnerability in sqli (CVE-2026-11584)
vulnerability in sqli (CVE-2026-11584). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40519 |
|
OS Command Injection in nginx (CVE-2026-40519)
OS command injection in nginx (CVE-2026-40519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11582 |
|
Vulnerability in sqli (CVE-2026-11582)
vulnerability in sqli (CVE-2026-11582). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11583 |
|
Vulnerability in sqli (CVE-2026-11583)
vulnerability in sqli (CVE-2026-11583). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11393 |
|
Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52778 |
|
Code Injection in dos (CVE-2026-52778)
code injection in dos (CVE-2026-52778). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11559 |
|
Vulnerability in sqli (CVE-2026-11559)
vulnerability in sqli (CVE-2026-11559). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11558 |
|
Vulnerability in sqli (CVE-2026-11558)
vulnerability in sqli (CVE-2026-11558). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44892 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892). Risk of unauthorized operations or information disclosure. Exploitable via ``Http3ConnectionHandler``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-42890 |
|
Code Injection in actual (CVE-2026-42890)
code injection in actual (CVE-2026-42890). Risk of unauthorized operations or information disclosure. Exploitable via ``actual``. Mitigation: upgrade to `26.5.0` or later.
|
| CVE-2026-11552 |
|
Vulnerability in CVE-2026-11552 (CVE-2026-11552)
vulnerability in CVE-2026-11552 (CVE-2026-11552). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41479 |
|
Open Redirect in authlib (CVE-2026-41479)
vulnerability in authlib (CVE-2026-41479). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_uri``. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46313 |
|
Vulnerability in c (CVE-2026-46313)
vulnerability in c (CVE-2026-46313). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46312 |
|
Vulnerability in c (CVE-2026-46312)
vulnerability in c (CVE-2026-46312). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46307 |
|
Out-of-Bounds Read in c (CVE-2026-46307)
vulnerability in c (CVE-2026-46307). Confidential information can be exposed externally.
|
| CVE-2026-46303 |
|
Vulnerability in c (CVE-2026-46303)
vulnerability in c (CVE-2026-46303). Confidential information can be exposed externally.
|
| CVE-2026-46297 |
|
Vulnerability in c (CVE-2026-46297)
vulnerability in c (CVE-2026-46297). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46295 |
|
Vulnerability in c (CVE-2026-46295)
vulnerability in c (CVE-2026-46295). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46289 |
|
Vulnerability in c (CVE-2026-46289)
vulnerability in c (CVE-2026-46289). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46287 |
|
Vulnerability in c (CVE-2026-46287)
vulnerability in c (CVE-2026-46287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25856 |
|
Code Injection in c (CVE-2026-25856)
code injection in c (CVE-2026-25856). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11532 |
|
Vulnerability in CVE-2026-11532 (CVE-2026-11532)
vulnerability in CVE-2026-11532 (CVE-2026-11532). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11534 |
|
Cross-Site Scripting (XSS) in CVE-2026-11534 (CVE-2026-11534)
cross-site scripting in CVE-2026-11534 (CVE-2026-11534). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11531 |
|
Vulnerability in sqli (CVE-2026-11531)
vulnerability in sqli (CVE-2026-11531). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11533 |
|
Vulnerability in CVE-2026-11533 (CVE-2026-11533)
vulnerability in CVE-2026-11533 (CVE-2026-11533). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49233 |
|
Path Traversal in routinator (CVE-2026-49233)
path traversal in routinator (CVE-2026-49233). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.2` or later.
|