Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: products Clear
ID Title
CVE-2026-41897 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-41897)
cross-site scripting in mantisbt/mantisbt (CVE-2026-41897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-39960 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-39960)
cross-site scripting in mantisbt/mantisbt (CVE-2026-39960). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-39850 Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
CVE-2026-34579 Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34463 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34390 Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-42871 Information Disclosure in CVE-2026-42871 (CVE-2026-42871)
vulnerability in CVE-2026-42871 (CVE-2026-42871). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-5266 Information Disclosure in CVE-2026-5266 (CVE-2026-5266)
vulnerability in CVE-2026-5266 (CVE-2026-5266). Risk of unauthorized operations or information disclosure.
CVE-2026-44413 Vulnerability in jetbrains (CVE-2026-44413)
vulnerability in jetbrains (CVE-2026-44413). Confidential information can be exposed externally.
CVE-2026-36962 SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
CVE-2026-34095 Vulnerability in mediawiki (CVE-2026-34095)
vulnerability in mediawiki (CVE-2026-34095). Risk of unauthorized operations or information disclosure.
CVE-2026-34093 Information Disclosure in mediawiki (CVE-2026-34093)
vulnerability in mediawiki (CVE-2026-34093). Risk of unauthorized operations or information disclosure.
CVE-2026-34094 Vulnerability in mediawiki (CVE-2026-34094)
vulnerability in mediawiki (CVE-2026-34094). Risk of unauthorized operations or information disclosure.
CVE-2026-42607 Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-34092 Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
CVE-2025-65416 Unrestricted File Upload in CVE-2025-65416 (CVE-2025-65416)
vulnerability in CVE-2025-65416 (CVE-2025-65416). Risk of unauthorized operations or information disclosure.
CVE-2025-61311 Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
CVE-2025-61314 Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
CVE-2025-61313 Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
CVE-2025-61312 Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
CVE-2025-61310 Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
CVE-2025-61309 Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
CVE-2025-61308 Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
CVE-2025-61307 Cross-Site Scripting (XSS) in CVE-2025-61307 (CVE-2025-61307)
cross-site scripting in CVE-2025-61307 (CVE-2025-61307). Risk of unauthorized operations or information disclosure.
CVE-2025-61306 Cross-Site Scripting (XSS) in CVE-2025-61306 (CVE-2025-61306)
cross-site scripting in CVE-2025-61306 (CVE-2025-61306). Risk of unauthorized operations or information disclosure.
CVE-2025-61305 Cross-Site Scripting (XSS) in CVE-2025-61305 (CVE-2025-61305)
cross-site scripting in CVE-2025-61305 (CVE-2025-61305). Risk of unauthorized operations or information disclosure.
CVE-2026-40217 Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-6956 Cross-Site Scripting (XSS) in CVE-2026-6956 (CVE-2026-6956)
cross-site scripting in CVE-2026-6956 (CVE-2026-6956). Risk of unauthorized operations or information disclosure.
CVE-2026-6909 Cross-Site Scripting (XSS) in CVE-2026-6909 (CVE-2026-6909)
cross-site scripting in CVE-2026-6909 (CVE-2026-6909). Risk of unauthorized operations or information disclosure.
CVE-2026-41018 Vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018)
vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `6.5.3` or later.
CVE-2026-43826 Vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826)
vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-23918 Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
CVE-2026-6433 Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
CVE-2022-50960 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50960)
cross-site scripting in wordpress (CVE-2022-50960). Risk of unauthorized operations or information disclosure.
CVE-2022-50955 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2022-50955)
vulnerability in wordpress (CVE-2022-50955). Risk of unauthorized operations or information disclosure.
CVE-2022-50956 Path Traversal in wordpress (CVE-2022-50956)
path traversal in wordpress (CVE-2022-50956). Confidential information can be exposed externally.
CVE-2022-50959 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50959)
cross-site scripting in wordpress (CVE-2022-50959). Risk of unauthorized operations or information disclosure.
CVE-2022-50958 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50958)
cross-site scripting in wordpress (CVE-2022-50958). Risk of unauthorized operations or information disclosure.
CVE-2022-50944 Code Injection in CVE-2022-50944 (CVE-2022-50944)
code injection in CVE-2022-50944 (CVE-2022-50944). Successful exploitation can lead to full system takeover.
CVE-2022-50954 Vulnerability in wordpress (CVE-2022-50954)
vulnerability in wordpress (CVE-2022-50954). Confidential information can be exposed externally.
CVE-2021-47950 Cross-Site Scripting (XSS) in CVE-2021-47950 (CVE-2021-47950)
cross-site scripting in CVE-2021-47950 (CVE-2021-47950). Risk of unauthorized operations or information disclosure.
CVE-2022-50943 Cross-Site Scripting (XSS) in moodle (CVE-2022-50943)
cross-site scripting in moodle (CVE-2022-50943). Risk of unauthorized operations or information disclosure.
CVE-2021-47947 Cross-Site Scripting (XSS) in CVE-2021-47947 (CVE-2021-47947)
cross-site scripting in CVE-2021-47947 (CVE-2021-47947). Risk of unauthorized operations or information disclosure.
CVE-2021-47938 Code Injection in CVE-2021-47938 (CVE-2021-47938)
code injection in CVE-2021-47938 (CVE-2021-47938). Successful exploitation can lead to full system takeover.
CVE-2021-47939 Code Injection in CVE-2021-47939 (CVE-2021-47939)
code injection in CVE-2021-47939 (CVE-2021-47939). Successful exploitation can lead to full system takeover.
CVE-2021-47940 Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
CVE-2021-47943 Unrestricted File Upload in CVE-2021-47943 (CVE-2021-47943)
vulnerability in CVE-2021-47943 (CVE-2021-47943). Successful exploitation can lead to full system takeover.
CVE-2021-47937 Unrestricted File Upload in CVE-2021-47937 (CVE-2021-47937)
vulnerability in CVE-2021-47937 (CVE-2021-47937). Successful exploitation can lead to full system takeover.
CVE-2021-47935 Code Injection in sentry (CVE-2021-47935)
code injection in sentry (CVE-2021-47935). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.2` or later.
CVE-2021-47936 Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →