Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50230 |
|
Cross-Site Scripting (XSS) in CVE-2026-50230 (CVE-2026-50230)
cross-site scripting in CVE-2026-50230 (CVE-2026-50230). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11329 |
|
Vulnerability in CVE-2026-11329 (CVE-2026-11329)
vulnerability in CVE-2026-11329 (CVE-2026-11329). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11345 |
|
Authentication Bypass in CVE-2026-11345 (CVE-2026-11345)
authentication bypass in CVE-2026-11345 (CVE-2026-11345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48907 KEV |
|
[KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21825 |
|
Cross-Site Scripting (XSS) in hcltech (CVE-2026-21825)
cross-site scripting in hcltech (CVE-2026-21825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10732 |
|
Vulnerability in path-traversal (CVE-2026-10732)
vulnerability in path-traversal (CVE-2026-10732). Data can be tampered with by attackers.
|
| CVE-2026-7763 |
|
Vulnerability in c (CVE-2026-7763)
vulnerability in c (CVE-2026-7763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10877 |
|
Vulnerability in sqli (CVE-2026-10877)
vulnerability in sqli (CVE-2026-10877). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11088 |
|
Vulnerability in c (CVE-2026-11088)
vulnerability in c (CVE-2026-11088). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11014 |
|
Vulnerability in c (CVE-2026-11014)
vulnerability in c (CVE-2026-11014). Data can be tampered with by attackers.
|
| CVE-2026-10995 |
|
Vulnerability in c (CVE-2026-10995)
vulnerability in c (CVE-2026-10995). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10940 |
|
Vulnerability in c (CVE-2026-10940)
vulnerability in c (CVE-2026-10940). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10912 |
|
Vulnerability in c (CVE-2026-10912)
vulnerability in c (CVE-2026-10912). Data can be tampered with by attackers.
|
| CVE-2026-10905 |
|
Use-After-Free in c (CVE-2026-10905)
vulnerability in c (CVE-2026-10905). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10899 |
|
Use-After-Free in c (CVE-2026-10899)
vulnerability in c (CVE-2026-10899). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10874 |
|
Vulnerability in sqli (CVE-2026-10874)
vulnerability in sqli (CVE-2026-10874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5066 |
|
Out-of-Bounds Write in c (CVE-2026-5066)
out-of-bounds write in c (CVE-2026-5066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5589 |
|
Out-of-Bounds Write in c (CVE-2026-5589)
out-of-bounds write in c (CVE-2026-5589). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41518 |
|
Cross-Site Scripting (XSS) in CVE-2026-41518 (CVE-2026-41518)
cross-site scripting in CVE-2026-41518 (CVE-2026-41518). Confidential information can be exposed externally. Exploitable via ``ChartDatasetConfig.legend``.
|
| CVE-2026-48480 |
|
Vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-48480)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-48480). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.22.Final` or later.
|
| CVE-2025-71316 |
|
Vulnerability in c (CVE-2025-71316)
vulnerability in c (CVE-2025-71316). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65640 |
|
Cross-Site Scripting (XSS) in CVE-2025-65640 (CVE-2025-65640)
cross-site scripting in CVE-2025-65640 (CVE-2025-65640). Confidential information can be exposed externally.
|
| CVE-2026-48040 |
|
Out-of-Bounds Read in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040). Confidential information can be exposed externally. Exploitable via ``sun.misc.Unsafe``. Mitigation: upgrade to `0.0.22.Final` or later.
|
| CVE-2026-25551 |
|
Unsafe Deserialization in csharp (CVE-2026-25551)
vulnerability in csharp (CVE-2026-25551). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25550 |
|
Vulnerability in csharp (CVE-2026-25550)
vulnerability in csharp (CVE-2026-25550). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10796 |
|
OS Command Injection in openjsf (CVE-2026-10796)
OS command injection in openjsf (CVE-2026-10796). Successful exploitation can lead to full system takeover. Exploitable via ``eval``.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2026-43986 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
|
| CVE-2026-43985 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-43985)
vulnerability in csrf (CVE-2026-43985). Successful exploitation can lead to full system takeover. Exploitable via ``configUpdate``.
|
| CVE-2026-43984 |
|
Cross-Site Scripting (XSS) in CVE-2026-43984 (CVE-2026-43984)
cross-site scripting in CVE-2026-43984 (CVE-2026-43984). Confidential information can be exposed externally. Exploitable via ``log_js_errors``.
|
| CVE-2026-10815 |
|
Vulnerability in CVE-2026-10815 (CVE-2026-10815)
vulnerability in CVE-2026-10815 (CVE-2026-10815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10863 |
|
Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
|
| CVE-2026-10811 |
|
Vulnerability in sqli (CVE-2026-10811)
vulnerability in sqli (CVE-2026-10811). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10810 |
|
Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10809 |
|
Vulnerability in sqli (CVE-2026-10809)
vulnerability in sqli (CVE-2026-10809). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10807 |
|
Vulnerability in CVE-2026-10807 (CVE-2026-10807)
vulnerability in CVE-2026-10807 (CVE-2026-10807). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10808 |
|
Vulnerability in sqli (CVE-2026-10808)
vulnerability in sqli (CVE-2026-10808). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10806 |
|
Vulnerability in CVE-2026-10806 (CVE-2026-10806)
vulnerability in CVE-2026-10806 (CVE-2026-10806). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25739 |
|
Cross-Site Scripting (XSS) in CVE-2019-25739 (CVE-2019-25739)
cross-site scripting in CVE-2019-25739 (CVE-2019-25739). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25734 |
|
Path Traversal in csrf (CVE-2019-25734)
path traversal in csrf (CVE-2019-25734). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25744 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25742 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25742)
cross-site scripting in wordpress (CVE-2019-25742). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25738 |
|
Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25732 |
|
SQL Injection in sqli (CVE-2019-25732)
SQL injection in sqli (CVE-2019-25732). Confidential information can be exposed externally.
|
| CVE-2019-25731 |
|
Cross-Site Scripting (XSS) in CVE-2019-25731 (CVE-2019-25731)
cross-site scripting in CVE-2019-25731 (CVE-2019-25731). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25730 |
|
SQL Injection in sqli (CVE-2019-25730)
SQL injection in sqli (CVE-2019-25730). Confidential information can be exposed externally.
|
| CVE-2019-25728 |
|
SQL Injection in sqli (CVE-2019-25728)
SQL injection in sqli (CVE-2019-25728). Confidential information can be exposed externally.
|
| CVE-2019-25729 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25727 |
|
Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41065 |
|
Vulnerability in CVE-2026-41065 (CVE-2026-41065)
vulnerability in CVE-2026-41065 (CVE-2026-41065). Risk of unauthorized operations or information disclosure.
|