Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-11464 Information Disclosure in CVE-2026-11464 (CVE-2026-11464)
vulnerability in CVE-2026-11464 (CVE-2026-11464). Risk of unauthorized operations or information disclosure.
CVE-2026-11463 A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of...
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of...
CVE-2026-11462 A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
CVE-2026-11457 Vulnerability in c (CVE-2026-11457)
vulnerability in c (CVE-2026-11457). Risk of unauthorized operations or information disclosure.
CVE-2026-11456 Vulnerability in sqli (CVE-2026-11456)
vulnerability in sqli (CVE-2026-11456). Risk of unauthorized operations or information disclosure.
CVE-2026-11408 Command Injection in CVE-2026-11408 (CVE-2026-11408)
command injection in CVE-2026-11408 (CVE-2026-11408). Risk of unauthorized operations or information disclosure.
CVE-2026-9016 Vulnerability in wordpress (CVE-2026-9016)
vulnerability in wordpress (CVE-2026-9016). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_log_js_errors``.
CVE-2026-9280 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9280)
cross-site scripting in wordpress (CVE-2026-9280). Risk of unauthorized operations or information disclosure.
CVE-2026-7795 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
cross-site scripting in wordpress (CVE-2026-7795). Risk of unauthorized operations or information disclosure.
CVE-2026-7566 Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
CVE-2026-2500 Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
CVE-2026-9281 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
CVE-2026-9290 Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
CVE-2026-11422 Vulnerability in CVE-2026-11422 (CVE-2026-11422)
vulnerability in CVE-2026-11422 (CVE-2026-11422). Confidential information can be exposed externally.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-46400 Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
CVE-2026-46401 Vulnerability in CVE-2026-46401 (CVE-2026-46401)
vulnerability in CVE-2026-46401 (CVE-2026-46401). Risk of unauthorized operations or information disclosure.
CVE-2026-46493 Vulnerability in CVE-2026-46493 (CVE-2026-46493)
vulnerability in CVE-2026-46493 (CVE-2026-46493). Confidential information can be exposed externally. Exploitable via ``uniqid``.
CVE-2026-46397 Path Traversal in CVE-2026-46397 (CVE-2026-46397)
path traversal in CVE-2026-46397 (CVE-2026-46397). Confidential information can be exposed externally.
CVE-2026-46398 Vulnerability in CVE-2026-46398 (CVE-2026-46398)
vulnerability in CVE-2026-46398 (CVE-2026-46398). Risk of unauthorized operations or information disclosure.
CVE-2026-45778 Cross-Site Scripting (XSS) in buffalo (CVE-2026-45778)
cross-site scripting in buffalo (CVE-2026-45778). Risk of unauthorized operations or information disclosure.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
CVE-2026-46399 Vulnerability in CVE-2026-46399 (CVE-2026-46399)
vulnerability in CVE-2026-46399 (CVE-2026-46399). Risk of unauthorized operations or information disclosure.
CVE-2026-46390 Vulnerability in CVE-2026-46390 (CVE-2026-46390)
vulnerability in CVE-2026-46390 (CVE-2026-46390). Risk of unauthorized operations or information disclosure.
CVE-2026-50733 Vulnerability in CVE-2026-50733 (CVE-2026-50733)
vulnerability in CVE-2026-50733 (CVE-2026-50733). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-11342 Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
CVE-2026-11344 Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
CVE-2026-48111 Out-of-Bounds Read in cpp (CVE-2026-48111)
vulnerability in cpp (CVE-2026-48111). Risk of unauthorized operations or information disclosure.
CVE-2026-48103 Out-of-Bounds Read in cpp (CVE-2026-48103)
vulnerability in cpp (CVE-2026-48103). Risk of unauthorized operations or information disclosure.
CVE-2026-11339 Vulnerability in c (CVE-2026-11339)
vulnerability in c (CVE-2026-11339). Risk of unauthorized operations or information disclosure.
CVE-2026-11337 Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
CVE-2026-48017 Code Injection in dbgate-api (CVE-2026-48017)
code injection in dbgate-api (CVE-2026-48017). Successful exploitation can lead to full system takeover. Exploitable via `POST /runners/load-reader`. Mitigation: upgrade to `7.1.9` or later.
CVE-2026-47387 Cross-Site Scripting (XSS) in nocodb (CVE-2026-47387)
cross-site scripting in nocodb (CVE-2026-47387). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_url``. Mitigation: upgrade to `2026.05.1` or later.
CVE-2026-48102 Out-of-Bounds Read in cpp (CVE-2026-48102)
vulnerability in cpp (CVE-2026-48102). Risk of unauthorized operations or information disclosure.
CVE-2026-11336 Vulnerability in CVE-2026-11336 (CVE-2026-11336)
vulnerability in CVE-2026-11336 (CVE-2026-11336). Risk of unauthorized operations or information disclosure.
CVE-2026-47376 Cross-Site Scripting (XSS) in nocodb (CVE-2026-47376)
cross-site scripting in nocodb (CVE-2026-47376). Risk of unauthorized operations or information disclosure. Exploitable via ``dataset.token``. Mitigation: upgrade to `2026.04.1` or later.
CVE-2026-10879 Out-of-Bounds Write in perl (CVE-2026-10879)
out-of-bounds write in perl (CVE-2026-10879). Successful exploitation can lead to full system takeover.
CVE-2026-38579 Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
cross-site scripting in CVE-2026-38579 (CVE-2026-38579). Risk of unauthorized operations or information disclosure.
CVE-2026-11335 Vulnerability in CVE-2026-11335 (CVE-2026-11335)
vulnerability in CVE-2026-11335 (CVE-2026-11335). Risk of unauthorized operations or information disclosure.
CVE-2026-11334 Vulnerability in sqli (CVE-2026-11334)
vulnerability in sqli (CVE-2026-11334). Risk of unauthorized operations or information disclosure.
CVE-2026-11333 Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
CVE-2026-50234 Path Traversal in c (CVE-2026-50234)
path traversal in c (CVE-2026-50234). Confidential information can be exposed externally.
CVE-2026-50233 Vulnerability in CVE-2026-50233 (CVE-2026-50233)
vulnerability in CVE-2026-50233 (CVE-2026-50233). Risk of unauthorized operations or information disclosure.
CVE-2026-50235 Cross-Site Scripting (XSS) in CVE-2026-50235 (CVE-2026-50235)
cross-site scripting in CVE-2026-50235 (CVE-2026-50235). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →