Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40510 |
|
Vulnerability in c (CVE-2026-40510)
vulnerability in c (CVE-2026-40510). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40528 |
|
Vulnerability in c (CVE-2026-40528)
vulnerability in c (CVE-2026-40528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48527 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-48527)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-48527). Confidential information can be exposed externally. Exploitable via `POST /system/api/saveNode`. Mitigation: upgrade to `26.0.1` or later.
|
| CVE-2026-45551 |
|
Cross-Site Scripting (XSS) in CVE-2026-45551 (CVE-2026-45551)
cross-site scripting in CVE-2026-45551 (CVE-2026-45551). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.25` or later.
|
| CVE-2026-45043 |
|
Privilege Escalation in privilege-escalation (CVE-2026-45043)
vulnerability in privilege-escalation (CVE-2026-45043). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /rustfs/admin/v3/import-iam`. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-9559 |
|
Path Traversal in mautic/core (CVE-2026-9559)
path traversal in mautic/core (CVE-2026-9559). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-10057 |
|
Cross-Site Scripting (XSS) in CVE-2026-10057 (CVE-2026-10057)
cross-site scripting in CVE-2026-10057 (CVE-2026-10057). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10058 |
|
Cross-Site Scripting (XSS) in CVE-2026-10058 (CVE-2026-10058)
cross-site scripting in CVE-2026-10058 (CVE-2026-10058). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6275 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2128 |
|
Information Disclosure in wordpress (CVE-2026-2128)
vulnerability in wordpress (CVE-2026-2128). Risk of unauthorized operations or information disclosure. Exploitable via ``wordpress_logged_in_``.
|
| CVE-2026-7430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
|
| CVE-2026-9872 |
|
Out-of-Bounds Write in Google chrome (CVE-2026-9872)
out-of-bounds write in Google chrome (CVE-2026-9872). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9998 |
|
Vulnerability in c (CVE-2026-9998)
vulnerability in c (CVE-2026-9998). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42563 |
|
OS Command Injection in dulwich (CVE-2026-42563)
OS command injection in dulwich (CVE-2026-42563). Risk of unauthorized operations or information disclosure. Exploitable via ``ProcessMergeDriver``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-42305 |
|
Path Traversal in dulwich (CVE-2026-42305)
path traversal in dulwich (CVE-2026-42305). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-45343 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-45343)
cross-site scripting in csrf (CVE-2026-45343). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.6` or later.
|
| CVE-2026-46840 |
|
Vulnerability in c (CVE-2026-46840)
vulnerability in c (CVE-2026-46840). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46842 |
|
Vulnerability in c (CVE-2026-46842)
vulnerability in c (CVE-2026-46842). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46841 |
|
Information Disclosure in c (CVE-2026-46841)
vulnerability in c (CVE-2026-46841). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46839 |
|
Vulnerability in c (CVE-2026-46839)
vulnerability in c (CVE-2026-46839). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46843 |
|
Vulnerability in c (CVE-2026-46843)
vulnerability in c (CVE-2026-46843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9645 |
|
OS Command Injection in CVE-2026-9645 (CVE-2026-9645)
OS command injection in CVE-2026-9645 (CVE-2026-9645). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46828 |
|
Vulnerability in c (CVE-2026-46828)
vulnerability in c (CVE-2026-46828). Confidential information can be exposed externally.
|
| CVE-2026-46827 |
|
Privilege Escalation in c (CVE-2026-46827)
vulnerability in c (CVE-2026-46827). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46826 |
|
Vulnerability in c (CVE-2026-46826)
vulnerability in c (CVE-2026-46826). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46834 |
|
Vulnerability in c (CVE-2026-46834)
vulnerability in c (CVE-2026-46834). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46835 |
|
Vulnerability in c (CVE-2026-46835)
vulnerability in c (CVE-2026-46835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46837 |
|
Privilege Escalation in c (CVE-2026-46837)
vulnerability in c (CVE-2026-46837). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46829 |
|
Vulnerability in c (CVE-2026-46829)
vulnerability in c (CVE-2026-46829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46830 |
|
Information Disclosure in c (CVE-2026-46830)
vulnerability in c (CVE-2026-46830). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46823 |
|
Authorization Flaw in c (CVE-2026-46823)
vulnerability in c (CVE-2026-46823). Confidential information can be exposed externally.
|
| CVE-2026-46833 |
|
Vulnerability in c (CVE-2026-46833)
vulnerability in c (CVE-2026-46833). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46818 |
|
Vulnerability in c (CVE-2026-46818)
vulnerability in c (CVE-2026-46818). Confidential information can be exposed externally.
|
| CVE-2026-46817 |
|
Privilege Escalation in c (CVE-2026-46817)
vulnerability in c (CVE-2026-46817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46821 |
|
Vulnerability in c (CVE-2026-46821)
vulnerability in c (CVE-2026-46821). Confidential information can be exposed externally.
|
| CVE-2026-46824 |
|
Privilege Escalation in c (CVE-2026-46824)
vulnerability in c (CVE-2026-46824). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46822 |
|
Vulnerability in c (CVE-2026-46822)
vulnerability in c (CVE-2026-46822). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46819 |
|
Vulnerability in c (CVE-2026-46819)
vulnerability in c (CVE-2026-46819). Confidential information can be exposed externally.
|
| CVE-2026-46820 |
|
Vulnerability in c (CVE-2026-46820)
vulnerability in c (CVE-2026-46820). Confidential information can be exposed externally.
|
| CVE-2026-46775 |
|
Vulnerability in c (CVE-2026-46775)
vulnerability in c (CVE-2026-46775). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35266 |
|
Vulnerability in c (CVE-2026-35266)
vulnerability in c (CVE-2026-35266). Confidential information can be exposed externally.
|
| CVE-2026-34311 |
|
Vulnerability in c (CVE-2026-34311)
vulnerability in c (CVE-2026-34311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35277 |
|
Vulnerability in c (CVE-2026-35277)
vulnerability in c (CVE-2026-35277). Confidential information can be exposed externally.
|
| CVE-2026-33464 |
|
Vulnerability in elk (CVE-2026-33464)
vulnerability in elk (CVE-2026-33464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.4.2` or later.
|
| CVE-2026-46685 |
|
Vulnerability in CVE-2026-46685 (CVE-2026-46685)
vulnerability in CVE-2026-46685 (CVE-2026-46685). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-47136 |
|
Information Disclosure in CVE-2026-47136 (CVE-2026-47136)
vulnerability in CVE-2026-47136 (CVE-2026-47136). Risk of unauthorized operations or information disclosure. Exploitable via `GET /rustfs/console/license`. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-45040 |
|
Vulnerability in CVE-2026-45040 (CVE-2026-45040)
vulnerability in CVE-2026-45040 (CVE-2026-45040). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
|