Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9183 |
|
Information Disclosure in wordpress (CVE-2026-9183)
vulnerability in wordpress (CVE-2026-9183). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8705 |
|
SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
|
| CVE-2026-8628 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8628)
cross-site scripting in wordpress (CVE-2026-8628). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13006 |
|
Vulnerability in CVE-2026-13006 (CVE-2026-13006)
vulnerability in CVE-2026-13006 (CVE-2026-13006). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12417 |
|
Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
|
| CVE-2026-10091 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10749 |
|
Vulnerability in wordpress (CVE-2026-10749)
vulnerability in wordpress (CVE-2026-10749). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-54639 |
|
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
|
| CVE-2026-56785 |
|
Cross-Site Scripting (XSS) in CVE-2026-56785 (CVE-2026-56785)
cross-site scripting in CVE-2026-56785 (CVE-2026-56785). Confidential information can be exposed externally.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-56120 |
|
Vulnerability in CVE-2026-56120 (CVE-2026-56120)
vulnerability in CVE-2026-56120 (CVE-2026-56120). Confidential information can be exposed externally.
|
| CVE-2026-11819 |
|
Vulnerability in c (CVE-2026-11819)
vulnerability in c (CVE-2026-11819). Confidential information can be exposed externally.
|
| CVE-2026-11820 |
|
Vulnerability in c (CVE-2026-11820)
vulnerability in c (CVE-2026-11820). Confidential information can be exposed externally.
|
| CVE-2026-55249 |
|
OS Command Injection in c (CVE-2026-55249)
OS command injection in c (CVE-2026-55249). Confidential information can be exposed externally.
|
| CVE-2026-55488 |
|
Path Traversal in motioneye (CVE-2026-55488)
path traversal in motioneye (CVE-2026-55488). Risk of unauthorized operations or information disclosure. Exploitable via `GET /movie/`. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-50221 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71382 |
|
Vulnerability in c (CVE-2025-71382)
vulnerability in c (CVE-2025-71382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55448 |
|
OS Command Injection in mise (CVE-2026-55448)
OS command injection in mise (CVE-2026-55448). Confidential information can be exposed externally. Exploitable via ``mise``. Mitigation: upgrade to `2026.6.4` or later.
|
| CVE-2026-55441 |
|
OS Command Injection in mise (CVE-2026-55441)
OS command injection in mise (CVE-2026-55441). Successful exploitation can lead to full system takeover. Exploitable via ``mise.toml``. Mitigation: upgrade to `2026.6.4` or later.
|
| CVE-2026-53662 |
|
Cross-Site Scripting (XSS) in CVE-2026-53662 (CVE-2026-53662)
cross-site scripting in CVE-2026-53662 (CVE-2026-53662). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54557 |
|
Path Traversal in mise (CVE-2026-54557)
path traversal in mise (CVE-2026-54557). Data can be tampered with by attackers. Exploitable via ``bin_path``. Mitigation: upgrade to `2026.6.1` or later.
|
| CVE-2026-52816 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56114 |
|
Out-of-Bounds Write in c (CVE-2026-56114)
out-of-bounds write in c (CVE-2026-56114). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56115 |
|
Vulnerability in c (CVE-2026-56115)
vulnerability in c (CVE-2026-56115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56117 |
|
Use-After-Free in c (CVE-2026-56117)
vulnerability in c (CVE-2026-56117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44960 |
|
Cross-Site Scripting (XSS) in CVE-2026-44960 (CVE-2026-44960)
cross-site scripting in CVE-2026-44960 (CVE-2026-44960). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44958 |
|
Vulnerability in CVE-2026-44958 (CVE-2026-44958)
vulnerability in CVE-2026-44958 (CVE-2026-44958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44959 |
|
Code Injection in CVE-2026-44959 (CVE-2026-44959)
code injection in CVE-2026-44959 (CVE-2026-44959). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44956 |
|
Cross-Site Scripting (XSS) in CVE-2026-44956 (CVE-2026-44956)
cross-site scripting in CVE-2026-44956 (CVE-2026-44956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34916 |
|
Code Injection in CVE-2026-34916 (CVE-2026-34916)
code injection in CVE-2026-34916 (CVE-2026-34916). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34915 |
|
Cross-Site Scripting (XSS) in sqli (CVE-2026-34915)
cross-site scripting in sqli (CVE-2026-34915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34914 |
|
SQL Injection in sqli (CVE-2026-34914)
SQL injection in sqli (CVE-2026-34914). Data can be tampered with by attackers.
|
| CVE-2026-34913 |
|
Vulnerability in CVE-2026-34913 (CVE-2026-34913)
vulnerability in CVE-2026-34913 (CVE-2026-34913). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34912 |
|
Vulnerability in CVE-2026-34912 (CVE-2026-34912)
vulnerability in CVE-2026-34912 (CVE-2026-34912). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52814 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52814)
vulnerability in gogs.io/gogs (CVE-2026-52814). Risk of unauthorized operations or information disclosure. Exploitable via ``net.Conn``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52807 |
|
Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52807)
cross-site scripting in gogs.io/gogs (CVE-2026-52807). Risk of unauthorized operations or information disclosure. Exploitable via ``preserveHTML``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2025-55639 |
|
Vulnerability in c (CVE-2025-55639)
vulnerability in c (CVE-2025-55639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11772 |
|
Cross-Site Scripting (XSS) in CVE-2026-11772 (CVE-2026-11772)
cross-site scripting in CVE-2026-11772 (CVE-2026-11772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12969 |
|
Out-of-Bounds Read in c (CVE-2026-12969)
vulnerability in c (CVE-2026-12969). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56784 |
|
Vulnerability in CVE-2026-56784 (CVE-2026-56784)
vulnerability in CVE-2026-56784 (CVE-2026-56784). Confidential information can be exposed externally.
|
| CVE-2026-56762 |
|
Vulnerability in CVE-2026-56762 (CVE-2026-56762)
vulnerability in CVE-2026-56762 (CVE-2026-56762). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
|
| CVE-2026-56371 |
|
Vulnerability in c (CVE-2026-56371)
vulnerability in c (CVE-2026-56371). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56315 |
|
Vulnerability in CVE-2026-56315 (CVE-2026-56315)
vulnerability in CVE-2026-56315 (CVE-2026-56315). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54365 |
|
Vulnerability in traefik (CVE-2023-54365)
vulnerability in traefik (CVE-2023-54365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12866 |
|
Code Injection in CVE-2026-12866 (CVE-2026-12866)
code injection in CVE-2026-12866 (CVE-2026-12866). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10651 |
|
Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10645 |
|
Out-of-Bounds Read in c (CVE-2026-10645)
vulnerability in c (CVE-2026-10645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10658 |
|
Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52798 |
|
Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
|