Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44062 |
|
Out-of-Bounds Write in c (CVE-2026-44062)
out-of-bounds write in c (CVE-2026-44062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-40094 |
|
Vulnerability in CVE-2026-40094 (CVE-2026-40094)
vulnerability in CVE-2026-40094 (CVE-2026-40094). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9137 |
|
Vulnerability in c (CVE-2026-9137)
vulnerability in c (CVE-2026-9137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9144 |
|
Cross-Site Scripting (XSS) in CVE-2026-9144 (CVE-2026-9144)
cross-site scripting in CVE-2026-9144 (CVE-2026-9144). Confidential information can be exposed externally.
|
| CVE-2026-9139 |
|
Vulnerability in CVE-2026-9139 (CVE-2026-9139)
vulnerability in CVE-2026-9139 (CVE-2026-9139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35016 |
|
Cross-Site Scripting (XSS) in CVE-2026-35016 (CVE-2026-35016)
cross-site scripting in CVE-2026-35016 (CVE-2026-35016). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39311 |
|
Cross-Site Scripting (XSS) in CVE-2026-39311 (CVE-2026-39311)
cross-site scripting in CVE-2026-39311 (CVE-2026-39311). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35015 |
|
Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35014 |
|
Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35013 |
|
Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35012 |
|
Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35011 |
|
Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35010 |
|
Cross-Site Scripting (XSS) in CVE-2026-35010 (CVE-2026-35010)
cross-site scripting in CVE-2026-35010 (CVE-2026-35010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35009 |
|
Cross-Site Scripting (XSS) in CVE-2026-35009 (CVE-2026-35009)
cross-site scripting in CVE-2026-35009 (CVE-2026-35009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35008 |
|
Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35007 |
|
Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26028 |
|
Vulnerability in cryptpad (CVE-2026-26028)
vulnerability in cryptpad (CVE-2026-26028). Risk of unauthorized operations or information disclosure. Exploitable via ``jscolor.js``.
|
| CVE-2026-30691 |
|
Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
cross-site scripting in @cyntler/react-doc-viewer (CVE-2026-30691). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9100 |
|
Vulnerability in c (CVE-2026-9100)
vulnerability in c (CVE-2026-9100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4293 |
|
Cross-Site Scripting (XSS) in CVE-2026-4293 (CVE-2026-4293)
cross-site scripting in CVE-2026-4293 (CVE-2026-4293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35676 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35676)
vulnerability in thorsten/phpmyfaq (CVE-2026-35676). Data can be tampered with by attackers. Exploitable via `PUT /api/index.php/user/password/update`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-46431 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-46431)
vulnerability in github.com/xyproto/algernon (CVE-2026-46431). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45792 |
|
Vulnerability in rtk (CVE-2026-45792)
vulnerability in rtk (CVE-2026-45792). Data can be tampered with by attackers. Exploitable via ``strip_lines_matching``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-4224 |
|
Vulnerability in libpython (CVE-2026-4224)
vulnerability in libpython (CVE-2026-4224). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.13, 3.14.4` or later.
|
| CVE-2026-42959 |
|
Vulnerability in c (CVE-2026-42959)
vulnerability in c (CVE-2026-42959). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41054 |
|
Vulnerability in c (CVE-2026-41054)
vulnerability in c (CVE-2026-41054). Successful exploitation can lead to full system takeover. Exploitable via ``socket_handler``.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7522 |
|
Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8626 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7472 |
|
SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6456 |
|
Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
|
| CVE-2026-6401 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5293 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
cross-site scripting in wordpress (CVE-2026-5293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6395 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
vulnerability in wordpress (CVE-2026-6395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6072 |
|
Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
|
| CVE-2026-43620 |
|
Out-of-Bounds Read in c (CVE-2026-43620)
vulnerability in c (CVE-2026-43620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45232 |
|
Vulnerability in c (CVE-2026-45232)
vulnerability in c (CVE-2026-45232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39309 |
|
Vulnerability in CVE-2026-39309 (CVE-2026-39309)
vulnerability in CVE-2026-39309 (CVE-2026-39309). Confidential information can be exposed externally.
|
| CVE-2026-5090 |
|
Cross-Site Scripting (XSS) in CVE-2026-5090 (CVE-2026-5090)
cross-site scripting in CVE-2026-5090 (CVE-2026-5090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34241 |
|
Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
cross-site scripting in CVE-2026-34241 (CVE-2026-34241). Confidential information can be exposed externally.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34216 |
|
Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2026-45783 |
|
Vulnerability in @libp2p/kad-dht (CVE-2026-45783)
vulnerability in @libp2p/kad-dht (CVE-2026-45783). Risk of unauthorized operations or information disclosure. Exploitable via ``PUT_VALUE``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-46342 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
|