Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41897 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-41897)
cross-site scripting in mantisbt/mantisbt (CVE-2026-41897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-39960 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-39960)
cross-site scripting in mantisbt/mantisbt (CVE-2026-39960). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-39850 |
|
Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
|
| CVE-2026-34579 |
|
Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-34463 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-34390 |
|
Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-42871 |
|
Information Disclosure in CVE-2026-42871 (CVE-2026-42871)
vulnerability in CVE-2026-42871 (CVE-2026-42871). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-5266 |
|
Information Disclosure in CVE-2026-5266 (CVE-2026-5266)
vulnerability in CVE-2026-5266 (CVE-2026-5266). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44413 |
|
Vulnerability in jetbrains (CVE-2026-44413)
vulnerability in jetbrains (CVE-2026-44413). Confidential information can be exposed externally.
|
| CVE-2026-36962 |
|
SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34095 |
|
Vulnerability in mediawiki (CVE-2026-34095)
vulnerability in mediawiki (CVE-2026-34095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34093 |
|
Information Disclosure in mediawiki (CVE-2026-34093)
vulnerability in mediawiki (CVE-2026-34093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34094 |
|
Vulnerability in mediawiki (CVE-2026-34094)
vulnerability in mediawiki (CVE-2026-34094). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-34092 |
|
Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
|
| CVE-2025-65416 |
|
Unrestricted File Upload in CVE-2025-65416 (CVE-2025-65416)
vulnerability in CVE-2025-65416 (CVE-2025-65416). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61311 |
|
Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
|
| CVE-2025-61314 |
|
Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
|
| CVE-2025-61313 |
|
Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
|
| CVE-2025-61312 |
|
Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
|
| CVE-2025-61310 |
|
Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61309 |
|
Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61308 |
|
Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61307 |
|
Cross-Site Scripting (XSS) in CVE-2025-61307 (CVE-2025-61307)
cross-site scripting in CVE-2025-61307 (CVE-2025-61307). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61306 |
|
Cross-Site Scripting (XSS) in CVE-2025-61306 (CVE-2025-61306)
cross-site scripting in CVE-2025-61306 (CVE-2025-61306). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61305 |
|
Cross-Site Scripting (XSS) in CVE-2025-61305 (CVE-2025-61305)
cross-site scripting in CVE-2025-61305 (CVE-2025-61305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40217 |
|
Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-6956 |
|
Cross-Site Scripting (XSS) in CVE-2026-6956 (CVE-2026-6956)
cross-site scripting in CVE-2026-6956 (CVE-2026-6956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6909 |
|
Cross-Site Scripting (XSS) in CVE-2026-6909 (CVE-2026-6909)
cross-site scripting in CVE-2026-6909 (CVE-2026-6909). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41018 |
|
Vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018)
vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `6.5.3` or later.
|
| CVE-2026-43826 |
|
Vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826)
vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-23918 |
|
Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6433 |
|
Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50960 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50960)
cross-site scripting in wordpress (CVE-2022-50960). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50955 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2022-50955)
vulnerability in wordpress (CVE-2022-50955). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50956 |
|
Path Traversal in wordpress (CVE-2022-50956)
path traversal in wordpress (CVE-2022-50956). Confidential information can be exposed externally.
|
| CVE-2022-50959 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50959)
cross-site scripting in wordpress (CVE-2022-50959). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50958 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50958)
cross-site scripting in wordpress (CVE-2022-50958). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50944 |
|
Code Injection in CVE-2022-50944 (CVE-2022-50944)
code injection in CVE-2022-50944 (CVE-2022-50944). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50954 |
|
Vulnerability in wordpress (CVE-2022-50954)
vulnerability in wordpress (CVE-2022-50954). Confidential information can be exposed externally.
|
| CVE-2021-47950 |
|
Cross-Site Scripting (XSS) in CVE-2021-47950 (CVE-2021-47950)
cross-site scripting in CVE-2021-47950 (CVE-2021-47950). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50943 |
|
Cross-Site Scripting (XSS) in moodle (CVE-2022-50943)
cross-site scripting in moodle (CVE-2022-50943). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47947 |
|
Cross-Site Scripting (XSS) in CVE-2021-47947 (CVE-2021-47947)
cross-site scripting in CVE-2021-47947 (CVE-2021-47947). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47938 |
|
Code Injection in CVE-2021-47938 (CVE-2021-47938)
code injection in CVE-2021-47938 (CVE-2021-47938). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47939 |
|
Code Injection in CVE-2021-47939 (CVE-2021-47939)
code injection in CVE-2021-47939 (CVE-2021-47939). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47940 |
|
Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47943 |
|
Unrestricted File Upload in CVE-2021-47943 (CVE-2021-47943)
vulnerability in CVE-2021-47943 (CVE-2021-47943). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47937 |
|
Unrestricted File Upload in CVE-2021-47937 (CVE-2021-47937)
vulnerability in CVE-2021-47937 (CVE-2021-47937). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47935 |
|
Code Injection in sentry (CVE-2021-47935)
code injection in sentry (CVE-2021-47935). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.2` or later.
|
| CVE-2021-47936 |
|
Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.
|