Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9114 |
|
Use-After-Free in google (CVE-2026-9114)
vulnerability in google (CVE-2026-9114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9113 |
|
Out-of-Bounds Read in google (CVE-2026-9113)
vulnerability in google (CVE-2026-9113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9112 |
|
Use-After-Free in google (CVE-2026-9112)
vulnerability in google (CVE-2026-9112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9111 |
|
Use-After-Free in Google chrome (CVE-2026-9111)
vulnerability in Google chrome (CVE-2026-9111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9110 |
|
Vulnerability in google (CVE-2026-9110)
vulnerability in google (CVE-2026-9110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35016 |
|
Cross-Site Scripting (XSS) in CVE-2026-35016 (CVE-2026-35016)
cross-site scripting in CVE-2026-35016 (CVE-2026-35016). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35009 |
|
Cross-Site Scripting (XSS) in CVE-2026-35009 (CVE-2026-35009)
cross-site scripting in CVE-2026-35009 (CVE-2026-35009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35015 |
|
Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35014 |
|
Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35013 |
|
Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35012 |
|
Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35011 |
|
Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35010 |
|
Cross-Site Scripting (XSS) in CVE-2026-35010 (CVE-2026-35010)
cross-site scripting in CVE-2026-35010 (CVE-2026-35010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2813 |
|
Open Redirect in esri (CVE-2026-2813)
vulnerability in esri (CVE-2026-2813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35008 |
|
Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35007 |
|
Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2812 |
|
Authentication Bypass in esri (CVE-2026-2812)
authentication bypass in esri (CVE-2026-2812). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35676 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35676)
vulnerability in thorsten/phpmyfaq (CVE-2026-35676). Data can be tampered with by attackers. Exploitable via `PUT /api/index.php/user/password/update`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-45584 |
|
Vulnerability in microsoft (CVE-2026-45584)
vulnerability in microsoft (CVE-2026-45584). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41091 KEV |
|
[KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-29518 |
|
Vulnerability in privilege-escalation (CVE-2026-29518)
vulnerability in privilege-escalation (CVE-2026-29518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7522 |
|
Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8626 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7472 |
|
SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
|
| CVE-2026-6401 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6456 |
|
Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6072 |
|
Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
|
| CVE-2026-45232 |
|
Vulnerability in c (CVE-2026-45232)
vulnerability in c (CVE-2026-45232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43620 |
|
Out-of-Bounds Read in c (CVE-2026-43620)
vulnerability in c (CVE-2026-43620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43619 |
|
Vulnerability in samba (CVE-2026-43619)
vulnerability in samba (CVE-2026-43619). Confidential information can be exposed externally.
|
| CVE-2026-43618 |
|
Out-of-Bounds Read in samba (CVE-2026-43618)
vulnerability in samba (CVE-2026-43618). Confidential information can be exposed externally.
|
| CVE-2026-43617 |
|
Vulnerability in samba (CVE-2026-43617)
vulnerability in samba (CVE-2026-43617). Risk of unauthorized operations or information disclosure.
|
| CVE-2010-0806 KEV |
|
[KEV] Vulnerability in Microsoft internet-explorer (CVE-2010-0806)
vulnerability in Microsoft internet-explorer (CVE-2010-0806). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2009-3459 KEV |
|
[KEV] Buffer Overflow in Adobe acrobat (CVE-2009-3459)
vulnerability in Adobe acrobat (CVE-2009-3459). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34216 |
|
Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42526 |
|
Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
|
| CVE-2026-27173 |
|
Vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173)
vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173). Confidential information can be exposed externally. Mitigation: upgrade to `10.17.0` or later.
|
| CVE-2026-45802 |
|
Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
|
| CVE-2026-46357 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-8605 |
|
Vulnerability in scadabr (CVE-2026-8605)
vulnerability in scadabr (CVE-2026-8605). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8604 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8603 |
|
OS Command Injection in scadabr (CVE-2026-8603)
OS command injection in scadabr (CVE-2026-8603). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8602 |
|
Vulnerability in cisa (CVE-2026-8602)
vulnerability in cisa (CVE-2026-8602). Data can be tampered with by attackers.
|
| CVE-2026-46337 |
|
Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
|